Kubernetes Networking Vulnerability in Cilium from Isovalent
CVE-2026-56743

5.4MEDIUM

Key Information:

Vendor

Cilium

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-56743?

Cilium, a networking, observability, and security solution for Kubernetes, presents a vulnerability in versions 1.19.0 to 1.19.4. In these versions, the use of standard Kubernetes NetworkPolicy specifications with CIDR-based ipBlock rules can lead to a wildcard namespace allow rule when configured with a custom clusterName. This issue arises due to the implementation errors in the parser that incorrectly creates a pod selector for selectorless definitions. Consequently, this flaw permits unauthorized traffic from other workloads in the same namespace, potentially exposing sensitive data and resources. The vulnerability has been addressed in version 1.19.5.

Affected Version(s)

cilium >= 1.19.0, < 1.19.5

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.