CVE-2026-49445
Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access
CVSS Score
9.2
EPSS Score
0.0%
EPSS Percentile
0th
Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.
| CWE | CWE-732 |
| Vendor | cilium |
| Product | cilium |
| Published | Jul 15, 2026 |
Stay Ahead of the Next One
Get instant alerts for cilium cilium
Be the first to know when new critical vulnerabilities affecting cilium cilium are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
High
Affected Versions
cilium / cilium
< 1.17.14 >= 1.18.0, < 1.18.8 >= 1.19.0, < 1.19.2
References
github.com: https://github.com/cilium/cilium/security/advisories/GHSA-3fcv-jvfp-m4q9 github.com: https://github.com/cilium/cilium/pull/44512 github.com: https://github.com/cilium/cilium/commit/7bfbdd5c1be83d6c9ba3e089b4c804b6603505b6 github.com: https://github.com/cilium/cilium/releases/tag/v1.17.14 github.com: https://github.com/cilium/cilium/releases/tag/v1.18.8 github.com: https://github.com/cilium/cilium/releases/tag/v1.19.2