PT-2026-56056 · Cilium · Cilium

Ysksuzuki

·

Published

2026-07-06

·

Updated

2026-07-07

·

CVE-2026-53935

CVSS v3.1

6.9

Medium

VectorAV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16
Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter. This allows for the hijacking of traffic to Services in any namespace, which bypasses the namespace-scoping guarantees typically enforced by the serviceMatcher. Furthermore, the deletion of such a policy can corrupt the internal service state of Cilium, potentially causing service translation to fail completely for the affected Service.
Recommendations Update to version 1.19.4 Update to version 1.18.10 Update to version 1.17.16

Fix

Open Redirect

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-53935
GHSA-Q6H5-Q3Q6-F87X
GO-2026-5914

Affected Products

Cilium