← Back to CVE List
CVE-2026-49445NVD
Vulnerability Summary
### Impact
When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive information or allow disruptive administrative operations, such as:
- Exposing TLS secrets
- Disrupting traffic in the cluster
- Terminating the Envoy process
This issue affects both the embedded and standalone Envoy deployment models.
### Patches
This issue affects:
- Cilium v1.19 between v1.19.0 and v1.19.1 inclusive
- Cilium v1.18 between v1.18.0 and v1.18.7 inclusive
- All versions of Cilium prior to v1.17.14
This issue has been patched in https://github.com/cilium/cilium/pull/44512, included in:
- Cilium v1.19.2
- Cilium v1.18.8
- Cilium v1.17.14
### Workarounds
There is no known workaround to this issue.
### Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to [moemen](https://github.com/moemen) for reporting the issue and [0xch4z](https://github.com/0xch4z) for their work on triaging and remediating this issue.
### For more information
If there are any questions or comments about this advisory, please reach out on [Slack (https://docs.cilium.io/en/latest/community/community/).
If anyone thinks they have found a vulnerability affecting Cilium, it is strongly encouraged to report it to the security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and the report will be treated as a top priority.
When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive information or allow disruptive administrative operations, such as:
- Exposing TLS secrets
- Disrupting traffic in the cluster
- Terminating the Envoy process
This issue affects both the embedded and standalone Envoy deployment models.
### Patches
This issue affects:
- Cilium v1.19 between v1.19.0 and v1.19.1 inclusive
- Cilium v1.18 between v1.18.0 and v1.18.7 inclusive
- All versions of Cilium prior to v1.17.14
This issue has been patched in https://github.com/cilium/cilium/pull/44512, included in:
- Cilium v1.19.2
- Cilium v1.18.8
- Cilium v1.17.14
### Workarounds
There is no known workaround to this issue.
### Acknowledgements
The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to [moemen](https://github.com/moemen) for reporting the issue and [0xch4z](https://github.com/0xch4z) for their work on triaging and remediating this issue.
### For more information
If there are any questions or comments about this advisory, please reach out on [Slack (https://docs.cilium.io/en/latest/community/community/).
If anyone thinks they have found a vulnerability affecting Cilium, it is strongly encouraged to report it to the security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and the report will be treated as a top priority.
CVSS v3.1 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityHigh