CVE-2026-41520 PUBLISHED

Cillium exposes sensitive information included in the cilium-bugtool debug archive

Assigner: GitHub_M
Reserved: 20.04.2026 Published: 08.05.2026 Updated: 08.05.2026

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVSS Score: 7.9

Attack Vector	Local	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	cilium
Product	cilium
Versions	Version < 1.17.15 is affected Version >= 1.18.0, < 1.18.9 is affected Version >= 1.19.0, < 1.19.3 is affected

References

Problem Types

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE
CWE-312: Cleartext Storage of Sensitive Information CWE