CVE-2026-49445 in Ciliuminformation

Résumé

par MITRE • 15/07/2026

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub M

Réserver

30/05/2026

Divulgation

15/07/2026

Modérer

accepté

Entrée

VDB-379386

CPE

prêt

EPSS

0.00000

KEV

non

Activités

très faible

Sources

Want to know what is going to be exploited?

We predict KEV entries!