Cilium Networking Solution Vulnerability Enables Traffic Hijacking
CVE-2026-53935

6.9MEDIUM

Key Information:

Vendor

Cilium

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-53935?

A vulnerability exists in Cilium, a leading networking, observability, and security solution, allowing users with the permission to create CiliumLocalRedirectPolicies to specify arbitrary ClusterIPs through the addressMatcher. This enables an attacker to hijack traffic directed towards Services across any namespace, undermining the namespace isolation typically enforced by serviceMatcher. Furthermore, removing such a policy may corrupt internal service states within Cilium, disrupting service translation for the affected Services. This issue has been addressed in subsequent Cilium versions.

Affected Version(s)

cilium < 1.17.16 < 1.17.16

cilium >= 1.18.2, < 1.18.10 < 1.18.2, 1.18.10

cilium >= 1.19.0, < 1.19.4 < 1.19.0, 1.19.4

References

CVSS V3.1

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.