CVE-2026-25804

Summary

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.4.3.

Affected Software

VendorProductVersion RangeStatus
antrea-ioantrea< 2.3.2affected
antrea-ioantrea>= 2.4.0, < 2.4.3affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication
  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References