What is the CVSS score of CVE-2026-25804?

CVE-2026-25804 has a CVSS 3.1 base score of 9.1 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Kubernetes are affected by CVE-2026-25804?

A critical vulnerability (CVSS 9.1) in Antrea Kubernetes networking could allow attackers to compromise cluster networking, potentially enabling unauthorized access to containerized applications and…. A patch is available.

Kubernetes CVE-2026-25804

CRITICAL

Improper Authentication (CWE-287)

2026-02-06 security-advisories@github.com

GHSA-86x4-wp9f-wrr9

Kubernetes Antrea Suse

9.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:54 vuln.today

Patch released

Feb 28, 2026 - 00:30 nvd

Patch available

CVE Published

Feb 06, 2026 - 23:15 nvd

CRITICAL 9.1

DescriptionNVD

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.4.3.

AnalysisAI

Antrea Kubernetes networking has an authentication bypass enabling unauthorized access to the Kubernetes network policy infrastructure.

RemediationAI

Within 24 hours: Identify all Kubernetes clusters running Antrea and their current versions. Within 7 days: Apply the available vendor patch to all affected Antrea deployments, prioritizing production environments and those handling sensitive workloads. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-25804 vulnerability details – vuln.today

Back

Kubernetes CVE-2026-25804

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code