CVE-2026-26963

MEDIUM 6.1

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled

CVSS Score

6.1

EPSS Score

0.0%

EPSS Percentile

0th

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.

CWE	CWE-863
Vendor	cilium
Product	cilium
Published	Feb 19, 2026
Last Updated	Feb 20, 2026

Stay Ahead of the Next One

Get instant alerts for cilium cilium

Be the first to know when new medium vulnerabilities affecting cilium cilium are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

cilium / cilium

>= 1.18.0, < 1.18.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/cilium/cilium/security/advisories/GHSA-5r23-prx4-mqg3 github.com: https://github.com/cilium/cilium/pull/42892 github.com: https://github.com/cilium/cilium/commit/88e28e1e62c0b1a02c3f0fc22d888ac9eefbe885 github.com: https://github.com/cilium/cilium/releases/tag/v1.18.6