CVE-2026-49445

CVE-2026-49445CVE-2026-49445

Description

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints, expose TLS secrets, disrupt cluster traffic, or terminate Envoy. This issue is fixed in versions 1.17.14, 1.18.8, and 1.19.2.

Scoring

CVSS 9.2 ()
VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H
Last modified2026-07-15
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.