
28 matches found

RedhatCVE
added 2026/03/28 4:56 a.m. | 1 view

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...

CVSS 5.4 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/26 12:0 a.m. | 3 views

PT-2026-28513

Name of the Vulnerable Software and Affected Versions Cilium versions prior to 1.17.14 Cilium versions 1.18.0 through 1.18.7 Cilium versions 1.19.0 through 1.19.1 Description Cilium is a networking, observability, and security solution utilizing an eBPF-based dataplane. Ingress Network Policies a...

CVSS 10 | AI score 5.9 | EPSS 0.00352
Exploits: 67 | References: 157

Wolfi
added 2026/03/19 1:48 p.m. | 7 views

GHSA-P77J-4MVH-X3M3 vulnerabilities

Vulnerabilities for packages: knative-eventing, percona-server-mongodb-operator, vault-env, wolfictl, coredns, node-problem-detector, terragrunt, falco-exporter, fuse-overlayfs-snapshotter, kwok, spiffe-helper, verticadb-operator, docker-cli-buildx, ksops, mattermost, vault-benchmark, ipfs-cluste...

AI score 5.4
Exploits: 0

Tenable Nessus
added 2026/02/23 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-26963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from...

CVSS 6.1 | AI score 5.4 | EPSS 0.00006
Exploits: 1 | References: 2

RedhatCVE
added 2026/02/20 10:40 a.m. | 5 views

CVE-2026-26963

A flaw was found in Cilium. When specific network configurations, including Native Routing, WireGuard, and Node Encryption, are enabled, Cilium incorrectly allows network traffic from Pods on other nodes. This can lead to unauthorized access to network communications and potential information...

CVSS 6.1 | AI score 5.4 | EPSS 0.00006
Exploits: 1 | References: 7

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1875

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 5.4 | EPSS 0.00074
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-1092

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.2 | EPSS 0.00064
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-0150

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.8 | EPSS 0.00073
Exploits: 0 | References: 6

Tenable Nessus
added 2025/09/06 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-30162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services an...

CVSS 4.3 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/06 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-30163

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies fromNodes and toNodes will incorrectly...

CVSS 4.7 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/23 3:44 a.m. | 3 views

CVE-2023-30851

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple toEndpoints AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be...

CVSS 5.3 | AI score 5.3 | EPSS 0.00173
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:27 a.m. | 4 views

CVE-2023-27595

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...

CVSS 9.8 | AI score 6.7 | EPSS 0.00064
Exploits: 0 | References: 1

OSV
added 2025/04/23 8:52 a.m. | 10 views

BIT-CILIUM-OPERATOR-2025-32793 Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2, are vulnerable when using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can lea...

CVSS 4 | AI score 4.2 | EPSS 0.00016
Exploits: 0 | References: 3

OSV
added 2025/04/21 4:17 p.m. | 14 views

GHSA-5VXX-C285-PCQ4 In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters

Impact When using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave the source node without encryption due to a race condition in how traffic is processed by Cilium. Patches This issue has been patched in...

CVSS 4 | AI score 6.6 | EPSS 0.00016
Exploits: 0 | References: 5

CVE
added 2025/04/21 3:34 p.m. | 221 views

CVE-2025-32793

CVE-2025-32793 affects Cilium’s eBPF dataplane when WireGuard transparent encryption is enabled. Versions 1.15.0–1.15.15, 1.16.0–1.16.8, and 1.17.0–1.17.2 are vulnerable to a race condition where packets from a terminating endpoint may leave the source node unencrypted. The issue is fixed in 1.15...

CVSS 4 | AI score 4.2 | EPSS 0.00016
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2025/04/03 1:49 p.m. | 8 views

Incorrect Authorization

Cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of node-based network policies due to misconfigured fromNodes and toNodes rules, which incorrectly permit traffic to or from non-node endpoints that share the specified labels...

CVSS 4.7 | AI score 7.1 | EPSS 0.00079
Exploits: 0 | References: 4 | Affected Software: 1

Veracode
added 2025/04/03 6:48 a.m. | 9 views

Incorrect Authorization

github.com/cilium/cilium is vulnerable to Incorrect Authorization. The vulnerability is due to improper enforcement of egress restrictions due to a misconfiguration where egress traffic to LoadBalancers deployed via Gateway API is incorrectly allowed, despite network policies blocking such traffi...

CVSS 4.3 | AI score 6.5 | EPSS 0.00016
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/03/24 6:44 p.m. | 15 views

CVE-2025-30162 East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

CVSS 3.2 | AI score 6.9 | EPSS 0.00016
Exploits: 0 | References: 3

SUSE CVE
added 2025/01/30 3:47 a.m. | 1 view

SUSE CVE-2025-23028

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. A denial of service vulnerability affects versions 1.14.0 through 1.14.7, 1.15.0 through 1.15.11, and 1.16.0 through 1.16.4. In a Kubernetes cluster where Cilium is configured to proxy DNS traffic, an...

CVSS 5.3 | AI score 6.5 | EPSS 0.00073
Exploits: 0 | References: 3

Veracode
added 2025/01/29 7:19 a.m. | 7 views

Sensitive Data Exposure

github.com/cilium/cilium is vulnerable to Sensitive Data Exposure. The vulnerability is due to improper default configuration of the Access-Control-Allow-Origin header, which allows cross-origin requests from untrusted sources, potentially exposing sensitive information when accessing the Hubble ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00055
Exploits: 0 | References: 4 | Affected Software: 1