CVE-2026-49445

Summary

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Affected Software

VendorProductVersion RangeStatus
ciliumcilium< 1.17.14affected
ciliumcilium>= 1.18.0, < 1.18.8affected
ciliumcilium>= 1.19.0, < 1.19.2affected

Weaknesses

  • CWE-732: CWE-732: Incorrect Permission Assignment for Critical Resource

References