← back
CVE-2026-56742mediumCWE-862

Cilium: Namespaced HTTPRoutes can redirect traffic to other namespaces

13Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackcvss 5.9epss 0.2%
exploitation probability
0.2%top 90% of all CVEs
observed exploitation
nono source reports it
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Affected products
cilium · cilium