Severity by source
CVSS Vector (NVD): CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
Analysis (AI)
Integer overflow in the cilium/ebpf Go library (versions up to 0.21.0) allows a local authenticated user to cause an availability impact by supplying crafted BPF Type Format (BTF) data to the LoadCollectionSpec or LoadCollectionSpecFromReader APIs. The flaw resides in the loadRawSpec function where 32-bit header field arithmetic was performed using signed int types, enabling overflow to bypass bounds checks on StringOff, StringLen, TypeOff, and TypeLen fields. …
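The bug class described above, as an added example that is not code from cilium/ebpf or from this page: an offset-plus-length bounds check computed in signed 32-bit arithmetic, beside a check that widens before adding. Only the four field names come from the description; the `header` struct, the function names and the sample values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// header holds the four 32-bit fields named in the analysis.
// Hypothetical struct for illustration, not the library's definition.
type header struct {
	TypeOff, TypeLen, StringOff, StringLen uint32
}

var errOutOfBounds = errors.New("section outside BTF buffer")

// flawedInBounds models the bug class: the sum is computed in signed
// 32-bit arithmetic, so a large off+length wraps negative and passes.
func flawedInBounds(off, length uint32, size int) bool {
	end := int32(off) + int32(length) // wraps silently in Go
	return int(end) <= size
}

// checkedInBounds widens to uint64 first; two uint32 values cannot
// overflow a uint64, so the comparison sees the true end offset.
func checkedInBounds(off, length uint32, size int) bool {
	end := uint64(off) + uint64(length)
	return size >= 0 && end <= uint64(size)
}

// validate applies one bounds check to both sections of the header.
func validate(h header, size int, inBounds func(off, length uint32, size int) bool) error {
	if !inBounds(h.TypeOff, h.TypeLen, size) {
		return fmt.Errorf("type section: %w", errOutOfBounds)
	}
	if !inBounds(h.StringOff, h.StringLen, size) {
		return fmt.Errorf("string section: %w", errOutOfBounds)
	}
	return nil
}

func main() {
	const size = 64 // constructed buffer length
	// Constructed header: StringOff+StringLen exceeds the int32 range.
	h := header{TypeOff: 0, TypeLen: 16, StringOff: 0x7fffffff, StringLen: 0x10}
	fmt.Println("flawed: ", validate(h, size, flawedInBounds))
	fmt.Println("checked:", validate(h, size, checkedInBounds))
}
```

The same widened comparison is a useful regression test for any parser that trusts header-supplied offsets and lengths.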
Vulnerability Assessment (AI)
| Category | Details |
|---|---|
| Exploitation | Exploitation requires local authenticated access with at minimum low-privilege credentials on the target system (PR:L, AV:L per CVSS vector). … |
| Risk Assessment | CVSS 3.3 (Low) accurately reflects the constrained threat model: AV:L requires physical or shell-level local access, PR:L confirms a low-privileged authenticated user is required, and the impact is limited to A:L (partial availability degradation) with no confidentiality or integrity consequences (C:N/I:N). … |
| Exploit Scenario | A local user with standard authenticated access to a developer workstation or container host supplies a maliciously crafted eBPF ELF object file with header fields StringOff, StringLen, TypeOff, or TypeLen set to values that overflow signed 32-bit arithmetic when summed. When an application calls LoadCollectionSpec on this file, the integer overflow bypasses the buffer bounds check in loadRawSpec, causing an out-of-bounds read and crashing the process. … |
| Remediation | Apply the upstream fix by updating the cilium/ebpf dependency to a version that includes commit 533dfc82fd228bfadf42ea7180c39de7d9af47fa, available via PR #2021 at https://github.com/cilium/ebpf/pull/2021. … |
EUVD-2026-34082
GHSA-xhgw-qwwf-pg32