Local Access Vulnerability in Cilium Networking Solution
CVE-2026-49445
9.2CRITICAL
What is CVE-2026-49445?
Cilium, a robust networking, observability, and security solution, exhibits a serious local access vulnerability related to its L7 functionality. Prior to the releases 1.17.14, 1.18.8, and 1.19.2, the Envoy instance—whether embedded or standalone—creates a world-accessible admin socket on cluster nodes. This design flaw allows local attackers to exploit Envoy admin endpoints, potentially exposing TLS secrets, compromising cluster traffic, and even terminating the Envoy service itself. The issue has been resolved in the specified versions.
Affected Version(s)
cilium < 1.17.14 < 1.17.14
cilium >= 1.18.0, < 1.18.8 < 1.18.0, 1.18.8
cilium >= 1.19.0, < 1.19.2 < 1.19.0, 1.19.2
