CVE-2026-56742
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
5.9 / 10
Vector String
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Vulnerability Description
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
cilium
Product
cilium
External References
- https://github.com/cilium/cilium/commit/7422068aff67ac77c7dcc57aa5b9240c91333deb
- https://github.com/cilium/cilium/commit/e0b1cef513ff910323f3743e9f3e3d86721e4857
- https://github.com/cilium/cilium/commit/f23929cff682d6ed0dc158070812cb302fc0032b
- https://github.com/cilium/cilium/commit/fd47963ea394d5e8fa4a88c40a79063430c512ca
- https://github.com/cilium/cilium/releases/tag/v1.17.17
- https://github.com/cilium/cilium/releases/tag/v1.18.11
- https://github.com/cilium/cilium/releases/tag/v1.19.5
- https://github.com/cilium/cilium/security/advisories/GHSA-w7c2-w76w-5hmj
Discussion (0)
Add Comment
No comments yet. Be the first!