Skip to content
CVSS 9.2 · CRITICAL

CVE-2026-49445

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Ver en NVD

Análisis

Cilium networking installations are vulnerable to local privilege escalation and data theft via a world-accessible Envoy admin socket. Attackers with access to a node or a compromised pod can expose TLS secrets, terminate Envoy processes, or disrupt cluster-wide traffic. Users should upgrade to Cilium 1.17.14, 1.18.8, or 1.19.2 immediately.

Roles relevantes

CloudCyberSecurityBackendKubernetesDockerLinux

Severidad

Puntaje: 9.2(CRITICAL)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
AV: LOCAL
AC: LOW
PR: NONE
UI: NONE
S: CHANGED
C: HIGH
I: LOW
A: HIGH
Tipo de falla (CWE): CWE-732

EPSS

Sin puntaje EPSS aún (CVE muy reciente).

Descripción técnica

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Publicada: 15/7/2026, 20:17:10
Última modificación: 15/7/2026, 20:54:43

Referencias

InicioEventosBlogRecursosEquipo