PT-2026-56051 · Cilium+1 · Cilium+1

Published

2026-07-06

·

Updated

2026-07-07

·

CVE-2026-49445

CVSS v3.1

9.2

Critical

VectorAV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.1 Cilium versions 1.18.0 through 1.18.7 Cilium versions prior to 1.17.14
Description When L7 functionality is enabled, the Envoy instance creates a world-accessible socket on cluster nodes. A local attacker can access Envoy admin endpoints, which may expose TLS secrets, disrupt cluster traffic, or terminate the Envoy process. This issue affects both embedded and standalone Envoy deployment models.
Recommendations Update Cilium versions 1.19.0 through 1.19.1 to version 1.19.2. Update Cilium versions 1.18.0 through 1.18.7 to version 1.18.8. Update Cilium versions prior to 1.17.14 to version 1.17.14.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-49445
GHSA-3FCV-JVFP-M4Q9
GO-2026-5905

Affected Products

Cilium
Envoy