Encryption Flaw in Antrea Networking Solution for Kubernetes
CVE-2026-34992

7.1HIGH

Key Information:

Vendor

Antrea-io

Status
Antrea
Vendor
CVE Published:
6 April 2026

What is CVE-2026-34992?

Antrea, a networking solution designed for Kubernetes, contains a flaw that affects inter-Node Pod traffic in clusters configured for dual-stack networking with IPsec encryption enabled. Specifically, while IPv4 traffic is successfully encrypted using ESP (Encapsulating Security Payload), IPv6 Pod traffic is transmitted in plaintext due to the failure to apply IPsec encryption to encapsulated packets. This vulnerability specifically impacts users operating dual-stack clusters; however, single-stack deployments for either IPv4 or IPv6 are not affected. The issue has been resolved in versions 2.4.5 and 2.5.2.

Affected Version(s)

antrea < 2.4.5 < 2.4.5

antrea >= 2.5.0, < 2.5.2 < 2.5.0, 2.5.2

References

https://github.com/antrea-io/antrea/security/advisories/G...
x_refsource_CONFIRM
https://github.com/antrea-io/antrea/pull/7757
x_refsource_MISC
https://github.com/antrea-io/antrea/pull/7759
x_refsource_MISC

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.