PT-2026-60281 · Cilium · Cilium

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-56742

CVSS v3.1

5.9

Média

VetorAV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-56742

Produtos afetados

Cilium