CVE-2026-25804

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions Antrea versions prior to 2.3.2 Antrea versions prior to 2.4.3

Description Antrea, a Kubernetes networking solution, contains a flaw in its network policy priority assignment system. A uint16 arithmetic overflow bug leads to incorrect OpenFlow priority calculations when managing a significant number of policies with diverse priority values. This can result in incorrect traffic enforcement.

Recommendations Update to Antrea version 2.3.2 or later. Update to Antrea version 2.4.3 or later.

Exploit

Fix

Allocation of Resources Without Limits

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770CWE-287

Related Identifiers

CVE-2026-25804

GHSA-86X4-WP9F-WRR9

GO-2026-4461

SUSE-SU-2026:0757-1

Affected Products

Antreas

CVE-2026-25804

Weakness Enumeration

Related Identifiers

Affected Products

References · 123