PT-2026-60281 · Cilium · Cilium
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-56742
CVSS v3.1
5.9
Medium
| Vector | AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L |
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cilium