Authorization Bypass in Cilium Networking Solution
CVE-2026-56742

5.9MEDIUM

Key Information:

Vendor

Cilium

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-56742?

Cilium, a robust networking and security solution, has a vulnerability that affects its Gateway API functionality. This vulnerability allows users with permission to modify namespaced HTTPRoutes to redirect HTTP traffic towards any Service across any namespace, effectively circumventing the existing ReferenceGrant authorization checks. Although Gateway API functionality is disabled by default, users should ensure they upgrade to versions 1.17.17, 1.18.11, or 1.19.5 to mitigate the risk associated with this issue.

Affected Version(s)

cilium < 1.17.17 < 1.17.17

cilium >= 1.18.0, < 1.18.11 < 1.18.0, 1.18.11

cilium >= 1.19.0, < 1.19.5 < 1.19.0, 1.19.5

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.