← voltar
CVE-2026-56742mediumCWE-862

Cilium: Namespaced HTTPRoutes can redirect traffic to other namespaces

13Vexday Risk Score

Sem sinal de exploração. Nenhum artefato público de exploração conhecido até agora.

ssvc Trackcvss 5.9epss 0.2%
probabilidade de exploração
0.2%top 90% das CVEs
exploração observada
nãonenhuma fonte reporta
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Produtos afetados
cilium · cilium