Untriaged
Permalink
CVE-2026-53935
6.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): None (N)
- Modified Availability (MA): High (H)
Activity log
- Created suggestion
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4.
References
-
https://github.com/cilium/cilium/security/advisories/GHSA-q6h5-q3q6-f87x x_refsource_CONFIRM
-
https://github.com/cilium/cilium/pull/45412 x_refsource_MISC
-
https://github.com/cilium/cilium/pull/45584 x_refsource_MISC
-
https://github.com/cilium/cilium/pull/45585 x_refsource_MISC
Affected products
cilium
- ==< 1.17.16
- ==>= 1.19.0, < 1.19.4
- ==>= 1.18.2, < 1.18.10
Package maintainers
-
@akshatagarwl Akshat Agarwal <humancalico@disroot.org>
-
@qjoly Quentin JOLY <github@une-pause-cafe.fr>
-
@ryan4yin Ryan Yin <xiaoyin_c@qq.com>