Cilium Networking Solution Vulnerability Enables Traffic Hijacking
CVE-2026-53935
6.9MEDIUM
What is CVE-2026-53935?
A vulnerability exists in Cilium, a leading networking, observability, and security solution, allowing users with the permission to create CiliumLocalRedirectPolicies to specify arbitrary ClusterIPs through the addressMatcher. This enables an attacker to hijack traffic directed towards Services across any namespace, undermining the namespace isolation typically enforced by serviceMatcher. Furthermore, removing such a policy may corrupt internal service states within Cilium, disrupting service translation for the affected Services. This issue has been addressed in subsequent Cilium versions.
Affected Version(s)
cilium < 1.17.16 < 1.17.16
cilium >= 1.18.2, < 1.18.10 < 1.18.2, 1.18.10
cilium >= 1.19.0, < 1.19.4 < 1.19.0, 1.19.4
