Amazon · EKS · CVE-2026-33726
**Name of the Vulnerable Software and Affected Versions**
Cilium versions prior to 1.17.14
Cilium versions 1.18.0 through 1.18.7
Cilium versions 1.19.0 through 1.19.1
**Description**
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When Per-Endpoint Routing is enabled and BPF Host Routing is disabled, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) that have a local backend on the same node. Per-Endpoint Routing is enabled automatically in deployments employing cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, excluding AKS BYOCNI), and certain GKE deployments (`gke.enabled`). This issue primarily impacts Amazon EKS with Cilium ENI mode. The affected API endpoints are L7 Services such as `/api/v1/login` and `/users/{id}`. The vulnerable parameter is the destination IP address of the traffic.
**Recommendations**
Versions prior to 1.17.14: Upgrade to version 1.17.14 or later.
Versions 1.18.0 through 1.18.7: Upgrade to version 1.18.8 or later.
Versions 1.19.0 through 1.19.1: Upgrade to version 1.19.2 or later.
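An exposure check built from the preconditions and version ranges above, as an added example that is not code from Cilium or from this advisory. It assumes the Helm values are available as a parsed dict, that the Cilium chart keys `endpointRoutes.enabled` and `aksbyocni.enabled` (not named on this page) are used for explicit Per-Endpoint Routing and AKS BYOCNI, and that the operator supplies the node's host routing mode as `BPF` or `Legacy`.

```python
import re

# Fixed releases per affected minor branch, from the advisory's Recommendations.
FIXED = {(1, 18): (1, 18, 8), (1, 19): (1, 19, 2)}

def version_affected(version):
    """True if a release version such as 'v1.18.7' is in an affected range."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:  # pre-release or custom builds need manual review
        raise ValueError(f"unrecognised Cilium release version: {version!r}")
    v = tuple(int(p) for p in m.groups())
    if v[:2] <= (1, 17):  # "versions prior to 1.17.14" covers older branches too
        return v < (1, 17, 14)
    fixed = FIXED.get(v[:2])
    return fixed is not None and v < fixed

def _on(values, dotted):
    """True only if the dotted Helm key is explicitly set to true."""
    node = values
    for key in dotted.split("."):
        node = node.get(key) if isinstance(node, dict) else None
    return node is True

def per_endpoint_routing(values):
    """'yes', 'no' or 'verify', following the advisory's list of cloud IPAM modes."""
    # endpointRoutes.enabled and aksbyocni.enabled are assumed keys, not from the page.
    explicit = ("endpointRoutes.enabled", "eni.enabled", "alibabacloud.enabled")
    if any(_on(values, key) for key in explicit):
        return "yes"
    if _on(values, "azure.enabled") and not _on(values, "aksbyocni.enabled"):
        return "yes"
    # The advisory says only "certain GKE deployments", so flag these for review.
    return "verify" if _on(values, "gke.enabled") else "no"

def assess(version, values, host_routing):
    """Return 'not-affected', 'exposed', 'verify', or 'upgrade' (preconditions not met)."""
    if not version_affected(version):
        return "not-affected"
    if host_routing.strip().lower() == "bpf":
        return "upgrade"  # affected release, but BPF Host Routing is enabled
    return {"yes": "exposed", "verify": "verify", "no": "upgrade"}[per_endpoint_routing(values)]

# Constructed sample: EKS cluster in Cilium ENI mode with legacy host routing.
SAMPLE_EKS = {"eni": {"enabled": True}, "ipam": {"mode": "eni"}}

if __name__ == "__main__":
    for ver in ("1.17.13", "1.18.7", "1.18.8", "1.19.2"):
        print(ver, assess(ver, SAMPLE_EKS, "Legacy"))
```

A result of `upgrade` means the release is in an affected range but the routing preconditions described above are not met on that node; the upgrade recommendation still applies.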