Skip to main content

Cilium EUVDEUVD-2026-44773

| CVE-2026-56742 MEDIUM
Missing Authorization (CWE-862)
2026-07-15 GitHub_M
5.9
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
5.9 MEDIUM
AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
vuln.today AI
4.1 MEDIUM

Kubernetes API is network-reachable justifying AV:N; RequestMirror only copies traffic so I:N and A:N; PR:H for required HTTPRoute RBAC; S:C for cross-namespace confidentiality exposure.

3.1 AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 21:18 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:01 vuln.today
Analysis Generated
Jul 15, 2026 - 20:01 vuln.today

DescriptionCVE.org

Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.

AnalysisAI

Cross-namespace traffic mirroring in Cilium's Gateway API implementation allows authenticated Kubernetes users holding HTTPRoute create or update permissions to duplicate HTTP traffic to arbitrary Services in any namespace, bypassing the ReferenceGrant authorization mechanism intended to enforce cross-namespace access control. Affected branches are Cilium 1.17.x before 1.17.17, 1.18.x before 1.18.11, and 1.19.x before 1.19.5. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Identify Cilium cluster with Gateway API enabled
Delivery
Obtain or abuse HTTPRoute create/update RBAC permission in a namespace
Exploit
Craft HTTPRoute with RequestMirror filter referencing sensitive cross-namespace Service
Install
Submit HTTPRoute to Kubernetes API
C2
Cilium operator ingests route without ReferenceGrant validation
Execute
Live HTTP traffic mirrored to attacker-controlled backend
Impact
Harvest credentials or sensitive data from mirrored requests

Vulnerability AssessmentAI

Exploitation Three conditions must all be met: (1) the Cilium Gateway API feature flag must have been explicitly enabled at cluster deployment time - it is disabled by default, so the majority of Cilium deployments are not exposed; (2) the attacker must hold Kubernetes RBAC create or update permissions on HTTPRoute resources in at least one namespace - standard developer, CI service-account, or read-only roles do not satisfy this unless explicitly granted; (3) the cluster must run a vulnerable Cilium version (1.17.x below 1.17.17, 1.18.x below 1.18.11, or 1.19.x below 1.19.5). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-assigned CVSS 5.9 vector (AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L) places this in medium severity. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A Kubernetes developer with create/update permissions on HTTPRoute objects in their application namespace crafts an HTTPRoute containing a RequestMirror filter whose BackendRef points to a Service in a sensitive or privileged namespace - such as a payments processing namespace or kube-system - without any corresponding ReferenceGrant authorizing the cross-namespace reference. Cilium's Gateway API operator ingests the route and, absent the missing authorization check in the pre-patch code, programs the dataplane to duplicate all matched HTTP requests to the attacker-designated mirror endpoint, exposing live traffic that may contain authentication credentials, session tokens, or business-sensitive data. …
Remediation Vendor-released patches are available - upgrade to Cilium v1.17.17, v1.18.11, or v1.19.5 according to the branch in use; release tags are at https://github.com/cilium/cilium/releases/tag/v1.17.17, https://github.com/cilium/cilium/releases/tag/v1.18.11, and https://github.com/cilium/cilium/releases/tag/v1.19.5. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cilium

View all
CVE-2023-39347 CRITICAL POC
9.0 Sep 27

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS

CVE-2023-27595 CRITICAL
9.8 Mar 17

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS

CVE-2024-47825 HIGH
8.7 Oct 21

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.7

CVE-2022-29179 HIGH
8.2 May 20

Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor

CVE-2022-29178 HIGH
8.2 May 20

Cilium is open source software for providing and securing network connectivity and loadbalancing between application wor

CVE-2023-41333 HIGH
8.1 Sep 27

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 8.1

CVE-2023-41332 LOW POC
3.5 Sep 27

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.5)

CVE-2023-27594 HIGH
7.3 Mar 17

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.3

CVE-2024-42486 HIGH
7.2 Aug 16

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2

CVE-2024-28248 HIGH
7.2 Mar 18

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.2

CVE-2024-42488 MEDIUM
6.8 Aug 15

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6

CVE-2024-28860 MEDIUM
6.8 Mar 27

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6

Share

EUVD-2026-44773 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy