Back to CVE List

CVE-2026-56742

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.9 / 10
Vector String
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Vulnerability Description

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
cilium
Product
cilium

External References

Discussion (0)

Add Comment

No comments yet. Be the first!