CVE Alert

CVE-2026-41520

HIGH 7.9

Cilium exposes sensitive information included in the cilium-bugtool debug archive

CVSS Score: 7.9
EPSS Score: 0.0%
EPSS Percentile: 0th

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.

CWE: CWE-200, CWE-312
Vendor: cilium
Product: cilium
Published: May 8, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Affected Versions

cilium / cilium
< 1.17.15
>= 1.18.0, < 1.18.9
>= 1.19.0, < 1.19.3

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj
github.com: https://github.com/cilium/cilium/releases/tag/v1.17.15
github.com: https://github.com/cilium/cilium/releases/tag/v1.18.9
github.com: https://github.com/cilium/cilium/releases/tag/v1.19.3