CVE-2026-49445 PUBLISHED

Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access

Assigner: GitHub_M
Reserved: 30.05.2026 Published: 15.07.2026 Updated: 16.07.2026

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
CVSS Score: 9.2

Product Status

Vendor cilium
Product cilium
Versions
  • Version < 1.17.14 is affected
  • Version >= 1.18.0, < 1.18.8 is affected
  • Version >= 1.19.0, < 1.19.2 is affected

References

Problem Types

  • CWE-732: Incorrect Permission Assignment for Critical Resource CWE