24 matches found
📄 Cilium 1.18.5 Traffic Bypass
This Python proof of concept script performs a comprehensive node-level analysis to assess a vulnerability in Cilium versions 1.18.0 through 1.18.5 that allows cross-node Pod traffic to bypass Host Firewall policies when Native Routing, WireGuard, and Node Encryption are enabled...
GO-2026-4522 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled in github.com/cilium/cilium
Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled in github.com/cilium/cilium...
BIT-HUBBLE-RELAY-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
BIT-CILIUM-OPERATOR-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
BIT-CILIUM-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
CVE-2026-26963
CVE-2026-26963 affects Cilium: vulnerable in versions 1.18.0–1.18.5 where traffic from Pods on other nodes can bypass isolation when Native Routing, WireGuard and Node Encryption are enabled. Root cause is the eBPF datapath handling allowing cross-node traffic leakage under those configurations. ...
CVE-2026-26963 Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6...
Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled
Impact Host Policies will incorrectly permit traffic from Pods on other nodes when all of the following configurations are enabled: Native Routing WireGuard Node Encryption beta These options are disabled by default in Cilium. Patches This issue was fixed by 42892. This issue affects: Cilium v1.1...
GO-2024-3072 Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium
Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium...
Policy bypass for Host Firewall policy due to race condition in Cilium agent
Impact A race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies intended for nodes with the ignored label to not apply, leading to policy bypass. Patches This issue was fixed in...
CVE-2024-42488 Cilium agent's race condition may lead to policy bypass for Host Firewall policy
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.14.14 and 1.15.8, a race condition in the Cilium agent can cause the agent to ignore labels that should be applied to a node. This could in turn cause CiliumClusterwideNetworkPolicies...
BIT-HUBBLE-UI-2023-27595
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
BIT-HUBBLE-2023-27595
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
BIT-HUBBLE-RELAY-2023-27595 Cilium eBPF filters may be temporarily removed during agent restart
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
BIT-CILIUM-OPERATOR-2023-27595 Cilium eBPF filters may be temporarily removed during agent restart
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
Design/Logic Flaw
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
CVE-2023-27595 Cilium eBPF filters may be temporarily removed during agent restart
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This ca...
CVE-2023-27595
CVE-2023-27595 affects Cilium 1.13.0 where, on startup, a brief window occurs during which Cilium eBPF programs are not attached to the host, leaving the host without Cilium features. This can disrupt newly established connections due to lack of Load Balancing and may permit Network Policy bypass...