CVE-2026-10722
cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
0th
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
| CWE | CWE-190 CWE-189 |
| Vendor | cilium |
| Product | ebpf |
| Published | Jun 3, 2026 |
| Last Updated | Jun 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for cilium ebpf
Be the first to know when new low vulnerabilities affecting cilium ebpf are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
cilium / ebpf
0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 0.10 0.11 0.12 0.13 0.14 0.15 0.16 0.17 0.18 0.19 0.20 0.21.0
References
vuldb.com: https://vuldb.com/vuln/368091 vuldb.com: https://vuldb.com/vuln/368091/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10722 vuldb.com: https://vuldb.com/submit/818291 github.com: https://github.com/cilium/ebpf/issues/2019 github.com: https://github.com/cilium/ebpf/pull/2021 gist.github.com: https://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815 github.com: https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa github.com: https://github.com/cilium/ebpf/
Credits
๐ alifiras (VulDB User) alifiras (VulDB User)