Severity by source
AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Kubernetes API is network-reachable justifying AV:N; RequestMirror only copies traffic so I:N and A:N; PR:H for required HTTPRoute RBAC; S:C for cross-namespace confidentiality exposure.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
AnalysisAI
Cross-namespace traffic mirroring in Cilium's Gateway API implementation allows authenticated Kubernetes users holding HTTPRoute create or update permissions to duplicate HTTP traffic to arbitrary Services in any namespace, bypassing the ReferenceGrant authorization mechanism intended to enforce cross-namespace access control. Affected branches are Cilium 1.17.x before 1.17.17, 1.18.x before 1.18.11, and 1.19.x before 1.19.5. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Three conditions must all be met: (1) the Cilium Gateway API feature flag must have been explicitly enabled at cluster deployment time - it is disabled by default, so the majority of Cilium deployments are not exposed; (2) the attacker must hold Kubernetes RBAC create or update permissions on HTTPRoute resources in at least one namespace - standard developer, CI service-account, or read-only roles do not satisfy this unless explicitly granted; (3) the cluster must run a vulnerable Cilium version (1.17.x below 1.17.17, 1.18.x below 1.18.11, or 1.19.x below 1.19.5). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 5.9 vector (AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L) places this in medium severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A Kubernetes developer with create/update permissions on HTTPRoute objects in their application namespace crafts an HTTPRoute containing a RequestMirror filter whose BackendRef points to a Service in a sensitive or privileged namespace - such as a payments processing namespace or kube-system - without any corresponding ReferenceGrant authorizing the cross-namespace reference. Cilium's Gateway API operator ingests the route and, absent the missing authorization check in the pre-patch code, programs the dataplane to duplicate all matched HTTP requests to the attacker-designated mirror endpoint, exposing live traffic that may contain authentication credentials, session tokens, or business-sensitive data. … |
| Remediation | Vendor-released patches are available - upgrade to Cilium v1.17.17, v1.18.11, or v1.19.5 according to the branch in use; release tags are at https://github.com/cilium/cilium/releases/tag/v1.17.17, https://github.com/cilium/cilium/releases/tag/v1.18.11, and https://github.com/cilium/cilium/releases/tag/v1.19.5. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.7
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.5)
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.3
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44773