
Oblazek

#50254 of 53,630
4.7 Total CVSS
Vulnerabilities · 1
PT-2025-12673
4.7
2025-03-24
Cilium · Cilium · CVE-2025-30163
**Name of the Vulnerable Software and Affected Versions**

Cilium versions 1.16.0 through 1.16.7
Cilium versions 1.17.0 through 1.17.1

**Description**

The issue affects Cilium, a networking, observability, and security solution with an eBPF-based dataplane. Node-based network policies, specifically those using `fromNodes` and `toNodes`, incorrectly permit traffic to and from non-node endpoints that share the labels specified in these policy sections. Node-based policy is not properly enforced: the selector is not restricted to node identities, so any endpoint that carries the same labels as the intended nodes (for example a pod labelled identically) also matches it, and traffic the policy meant to confine to nodes is allowed to or from that endpoint. No count of affected deployments and no real-world exploitation is reported for this issue.

**Recommendations**

For Cilium versions 1.16.0 through 1.16.7, update to version 1.16.8 or later.
For Cilium versions 1.17.0 through 1.17.1, update to version 1.17.2 or later.

As a temporary workaround, ensure that the labels used in `fromNodes` and `toNodes` selectors are carried exclusively by nodes and not by other endpoints. In practice this means auditing pod labels across the cluster for any label set that would also satisfy those selectors, and preferring keys that only nodes carry over generic keys that workloads may reuse.
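The following is an added, self-contained example and not code from Cilium or from this advisory. It models the label matching a `fromNodes`/`toNodes` selector performs (`matchLabels` plus the usual `matchExpressions` operators), reports every non-node endpoint whose labels would also satisfy a selector (the endpoints that affected releases wrongly treat as nodes), and checks a Cilium version string against the affected ranges above. The node labels, pod labels and the two policies are constructed for illustration; the label model is a simplification of Cilium's identity labels, not its actual selector implementation.

```python
"""Audit CiliumNetworkPolicy node selectors for overlap with non-node endpoints.

Added example (not Cilium project code). Affected releases let any endpoint
whose labels satisfy a fromNodes/toNodes selector match it; the workaround is
to pick labels that only nodes carry, which is what this audit verifies.
"""
from typing import Dict, List

Labels = Dict[str, str]
Selector = Dict

# Affected ranges from the advisory, inclusive: [1.16.0, 1.16.7] and [1.17.0, 1.17.1].
AFFECTED_RANGES = (((1, 16, 0), (1, 16, 7)), ((1, 17, 0), (1, 17, 1)))


def is_affected(version: str) -> bool:
    """True if a Cilium version such as '1.17.1' or 'v1.16.3' is in an affected range.

    A pre-release suffix ('-rc.1') is ignored, so '1.17.0-rc.1' is treated as 1.17.0.
    """
    core = version.lstrip("v").split("-")[0]
    parts = tuple(int(p) for p in core.split("."))
    parts = (parts + (0, 0, 0))[:3]  # pad '1.16' to (1, 16, 0)
    return any(lo <= parts <= hi for lo, hi in AFFECTED_RANGES)


def selector_matches(selector: Selector, labels: Labels) -> bool:
    """Evaluate a Kubernetes-style label selector against one label set."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        present = key in labels
        if op == "In" and (not present or labels[key] not in values):
            return False
        if op == "NotIn" and present and labels[key] in values:
            return False
        if op == "Exists" and not present:
            return False
        if op == "DoesNotExist" and present:
            return False
    return True


def audit_policy(policy: Dict, nodes: Dict[str, Labels],
                 endpoints: Dict[str, Labels]) -> List[Dict]:
    """For every fromNodes/toNodes selector, list the nodes it selects and the
    non-node endpoints that would also match it. A non-empty 'endpoints' list is
    exactly the traffic that affected releases admit by mistake."""
    findings = []
    for section in ("ingress", "egress"):
        for rule in policy.get("spec", {}).get(section, []):
            for field in ("fromNodes", "toNodes"):
                for sel in rule.get(field, []):
                    findings.append({
                        "section": section,
                        "field": field,
                        "selector": sel,
                        "nodes": sorted(n for n, l in nodes.items() if selector_matches(sel, l)),
                        "endpoints": sorted(e for e, l in endpoints.items() if selector_matches(sel, l)),
                    })
    return findings


# Constructed cluster inventory: node labels and pod (non-node endpoint) labels.
NODES: Dict[str, Labels] = {
    "cp-1": {"kubernetes.io/hostname": "cp-1", "node-role.kubernetes.io/control-plane": "", "role": "control-plane"},
    "worker-1": {"kubernetes.io/hostname": "worker-1", "role": "worker"},
}
ENDPOINTS: Dict[str, Labels] = {
    "api-7f9c": {"app": "api", "role": "worker"},
    "debug-pod": {"app": "debug", "role": "control-plane"},  # reuses the node label
}

# Weak policy: fromNodes keyed on a generic label that a pod also carries.
WEAK_POLICY = {
    "apiVersion": "cilium.io/v2", "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "allow-from-control-plane"},
    "spec": {"endpointSelector": {"matchLabels": {"app": "metrics"}},
             "ingress": [{"fromNodes": [{"matchLabels": {"role": "control-plane"}}]}]},
}

# Hardened policy: keyed on a label that only nodes carry, so no endpoint overlaps.
HARDENED_POLICY = {
    "apiVersion": "cilium.io/v2", "kind": "CiliumNetworkPolicy",
    "metadata": {"name": "allow-from-control-plane"},
    "spec": {"endpointSelector": {"matchLabels": {"app": "metrics"}},
             "ingress": [{"fromNodes": [{"matchExpressions": [
                 {"key": "node-role.kubernetes.io/control-plane", "operator": "Exists"}]}]}]},
}


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        for f in audit_policy(policy, NODES, ENDPOINTS):
            print(f"{name}: {f['section']}/{f['field']} {f['selector']} "
                  f"nodes={f['nodes']} leaked_endpoints={f['endpoints']}")
    for v in ("1.16.7", "1.16.8", "v1.17.1", "1.17.2"):
        print(v, "affected" if is_affected(v) else "fixed/unaffected")
```

Running the script shows the weak policy selecting `cp-1` but also matching `debug-pod`, while the hardened policy matches only the node; on an affected release the weak policy would admit `debug-pod`'s traffic as if it came from the control-plane node. The audit only helps if the endpoint inventory covers every namespace, and upgrading remains the actual fix.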