CVE-2026-53935
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
CVSS Score
6.9
EPSS Score
0.0%
EPSS Percentile
0th
Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4.
| CWE | CWE-863 |
| Vendor | cilium |
| Product | cilium |
| Published | Jul 7, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for cilium cilium
Be the first to know when new medium vulnerabilities affecting cilium cilium are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
High
Affected Versions
cilium / cilium
< 1.17.16 >= 1.18.2, < 1.18.10 >= 1.19.0, < 1.19.4
References
github.com: https://github.com/cilium/cilium/security/advisories/GHSA-q6h5-q3q6-f87x github.com: https://github.com/cilium/cilium/pull/45412 github.com: https://github.com/cilium/cilium/pull/45584 github.com: https://github.com/cilium/cilium/pull/45585 github.com: https://github.com/cilium/cilium/commit/81d446395673dc2c684c047c12715caffac1a351 github.com: https://github.com/cilium/cilium/commit/92ca32eda85aa0c7611c28221cc26fa08be17ebc github.com: https://github.com/cilium/cilium/commit/fe7eb53c7aac9fa7ec610b1975d73fbbb198c66d