10 matches found
BIT-HUBBLE-RELAY-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
BIT-CILIUM-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
BIT-CILIUM-OPERATOR-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
CVE-2026-33726 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is...
CVE-2026-33726
CVE-2026-33726 affects Cilium’s eBPF dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) on the same node when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing...
GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...
EUVD-2026-16503
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic...
GHSA-HXV8-4J4R-CQGV Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Impact Ingress Network Policies are not enforced for traffic from pods to L7 Services Envoy, GAMMA with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments...