CVE-2026-49445 in Ciliuminformación

Resumen

por MITRE • 2026-07-15

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub M

Reservar

2026-05-30

Divulgación

2026-07-15

Moderación

aceptado

Artículo

VDB-379386

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!