CVE Watchtower


← Back to CVE List

CVE-2026-49445NVD

Vulnerability Summary

### Impact

When Cilium L7 functionality is enabled on a cluster, the Envoy instance supporting this functionality creates a world-accessible socket on cluster nodes. A local attacker would be able to access Envoy admin endpoints. Depending on deployment configuration, this can expose sensitive information or allow disruptive administrative operations, such as:

- Exposing TLS secrets
- Disrupting traffic in the cluster
- Terminating the Envoy process

This issue affects both the embedded and standalone Envoy deployment models.

### Patches

This issue affects:

- Cilium v1.19 between v1.19.0 and v1.19.1 inclusive
- Cilium v1.18 between v1.18.0 and v1.18.7 inclusive
- All versions of Cilium prior to v1.17.14

This issue has been patched in https://github.com/cilium/cilium/pull/44512, included in:

- Cilium v1.19.2
- Cilium v1.18.8
- Cilium v1.17.14

### Workarounds

There is no known workaround to this issue.

### Acknowledgements

The Cilium community has worked together with members of Isovalent to prepare these mitigations. Special thanks to [moemen](https://github.com/moemen) for reporting the issue and [0xch4z](https://github.com/0xch4z) for their work on triaging and remediating this issue.

### For more information

If there are any questions or comments about this advisory, please reach out on [Slack (https://docs.cilium.io/en/latest/community/community/).

If anyone thinks they have found a vulnerability affecting Cilium, it is strongly encouraged to report it to the security mailing list at [security@cilium.io](mailto:security@cilium.io). This is a private mailing list for the Cilium security team, and the report will be treated as a top priority.
Severity Level
CRITICAL(9.2)
Published Date
Jul 6, 2026
Last Modified
Jul 6, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A
CVSS v3.1 Base Metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityHigh

External References