Networking Vulnerability in Cilium by Isovalent
CVE-2026-26963

6.1MEDIUM

Key Information:

Vendor

Cilium

Status
Cilium
Vendor
CVE Published:
19 February 2026

What is CVE-2026-26963?

The vulnerability in Cilium allows unauthorized network traffic between Pods located on different nodes when Native Routing, WireGuard, and Node Encryption features are enabled. This issue compromises the expected traffic control, making systems susceptible to potential unauthorized access. This flaw impacts Cilium versions 1.18.0 through 1.18.5 and has been successfully patched in version 1.18.6. For detailed information, refer to the official advisories and release notes.

Affected Version(s)

cilium >= 1.18.0, < 1.18.6

References

https://github.com/cilium/cilium/security/advisories/GHSA...
x_refsource_CONFIRM
https://github.com/cilium/cilium/pull/42892
x_refsource_MISC
https://github.com/cilium/cilium/commit/88e28e1e62c0b1a02...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.