PT-2026-30013 · Vmware · Antreas
Antoninbas
·
Published
2026-04-03
·
Updated
2026-04-27
·
CVE-2026-34992
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Antrea versions prior to 2.4.5 and 2.5.2
Description
Antrea, a Kubernetes networking solution, has a missing encryption issue affecting inter-Node Pod traffic. In dual-stack networking clusters with IPsec encryption enabled (
trafficEncryptionMode: ipsec), IPv6 Pod traffic is not encrypted, while IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload). This occurs because IPv6 packets bypass the IPsec encryption layer during encapsulation using Geneve or VXLAN. Single-stack IPv4 or IPv6 clusters are not affected.Recommendations
Upgrade to Antrea version 2.4.5 or later.
Upgrade to Antrea version 2.5.2 or later.
Upgrade to Antrea version 2.6.0 or later.
Fix
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Antreas