Skip to main content

Cilium CVE-2026-56743

| EUVDEUVD-2026-44774 MEDIUM
Incorrect Authorization (CWE-863)
2026-07-15 GitHub_M
5.4
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.4 MEDIUM
AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Adjacent vector because exploitation requires a pod inside the cluster; PR:L because any standard workload suffices; S:C because the bypass escapes the policy boundary to affect peer workloads; no availability impact.

3.1 AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
4.0 AV:A/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 21:18 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:01 vuln.today
Analysis Generated
Jul 15, 2026 - 20:01 vuln.today

DescriptionCVE.org

Cilium is a networking, observability, and security solution. From 1.19.0 to 1.19.4, standard Kubernetes NetworkPolicy specifications using CIDR-based ipBlock rules without pod or namespace selectors erroneously generate a wildcard namespace allow rule when Cilium is configured with a custom clusterName rather than the default any value. The parser incorrectly instantiates a pod selector on selectorless peer definitions, allowing traffic from other workloads in the same namespace as the subject of the policy. This issue is fixed in version 1.19.5.

AnalysisAI

Network policy bypass in Cilium 1.19.0-1.19.4 allows workloads inside a Kubernetes namespace to reach peers that CIDR-based ipBlock NetworkPolicies should block. The flaw surfaces exclusively when Cilium is deployed with a custom clusterName (any value other than the default 'any'): the network-policy parser in parseNetworkPolicyPeer erroneously instantiates an empty pod selector for selectorless ipBlock peers, which compiles into a wildcard namespace-allow rule instead of a pure CIDR rule. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Deploy or compromise pod in target namespace
Delivery
Identify service protected by ipBlock-only NetworkPolicy
Exploit
Send traffic directly to protected service endpoint
Execution
Cilium wildcard rule permits intra-namespace traffic
Impact
Access restricted service data or APIs

Vulnerability AssessmentAI

Exploitation Three specific conditions must ALL be present simultaneously. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N yields a score of 5.4 (Medium), which is a reasonable reflection of real-world risk with important caveats. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with the ability to deploy or compromise a pod in a Kubernetes namespace targets a service whose NetworkPolicy restricts inbound traffic to a specific external CIDR range via an ipBlock rule with no pod or namespace selectors. Because Cilium erroneously appends a wildcard intra-namespace allow rule, the attacker's pod can reach the target service over any port even though the policy should block intra-namespace traffic. …
Remediation Upgrade Cilium to version 1.19.5, which contains the corrected parseNetworkPolicyPeer() logic in pkg/k8s/network_policy.go (commits 1c84ae3b58a7cd54f7ee355e6c524c82f620eae8 and bacea640404c0805c23515353dc1681c5bf35171). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1974 CRITICAL POC
9.8 Mar 25

A critical vulnerability in Kubernetes ingress-nginx controller allows unauthenticated attackers with pod network access

CVE-2026-45321 CRITICAL POC
9.6 May 12

Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio

CVE-2025-1098 HIGH POC
8.8 Mar 25

Kubernetes ingress-nginx contains a configuration injection vulnerability via the mirror-target and mirror-host Ingress

CVE-2025-24514 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingres

CVE-2025-1097 HIGH POC
8.8 Mar 25

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-c

CVE-2020-8554 MEDIUM POC
6.3 Jan 21

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.exter

CVE-2025-55190 CRITICAL POC
9.9 Sep 04

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated critical severity (CVSS 9.9), this vulne

CVE-2018-18843 CRITICAL POC
10.0 Dec 04

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4

CVE-2026-22039 CRITICAL POC
9.9 Jan 27

Kyverno Kubernetes policy engine prior to 1.x has a privilege escalation vulnerability (CVSS 9.9) allowing policy bypass

CVE-2024-42480 CRITICAL POC
9.9 Aug 12

Kamaji is the Hosted Control Plane Manager for Kubernetes. Rated critical severity (CVSS 9.9), this vulnerability is rem

CVE-2023-28110 CRITICAL POC
9.9 Mar 16

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, ref

CVE-2026-25996 CRITICAL POC
9.8 Feb 12

String filter bypass in Inspektor Gadget Kubernetes eBPF tooling before fix. Insufficient string escaping enables filter

Share

CVE-2026-56743 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy