Local Access Vulnerability in Cilium Networking Solution
CVE-2026-49445

9.2CRITICAL

Key Information:

Vendor

Cilium

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-49445?

Cilium, a robust networking, observability, and security solution, exhibits a serious local access vulnerability related to its L7 functionality. Prior to the releases 1.17.14, 1.18.8, and 1.19.2, the Envoy instance—whether embedded or standalone—creates a world-accessible admin socket on cluster nodes. This design flaw allows local attackers to exploit Envoy admin endpoints, potentially exposing TLS secrets, compromising cluster traffic, and even terminating the Envoy service itself. The issue has been resolved in the specified versions.

Affected Version(s)

cilium < 1.17.14 < 1.17.14

cilium >= 1.18.0, < 1.18.8 < 1.18.0, 1.18.8

cilium >= 1.19.0, < 1.19.2 < 1.19.0, 1.19.2

References

CVSS V3.1

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.