Untriaged
Permalink
CVE-2026-56742
5.9 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Adjacent (A)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): High (H)
- User Interaction (UI): None (N)
- Scope (S): Changed (C)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Modified Attack Vector (MAV): Adjacent (A)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): High (H)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Changed (C)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
Activity log
- Created suggestion
Cilium: Namespaced HTTPRoutes can redirect traffic to other namespaces
Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
References
-
https://github.com/cilium/cilium/security/advisories/GHSA-w7c2-w76w-5hmj x_refsource_CONFIRM
-
https://github.com/cilium/cilium/releases/tag/v1.17.17 x_refsource_MISC
-
https://github.com/cilium/cilium/releases/tag/v1.18.11 x_refsource_MISC
-
https://github.com/cilium/cilium/releases/tag/v1.19.5 x_refsource_MISC
Affected products
cilium
- ==>= 1.18.0, < 1.18.11
- ==>= 1.19.0, < 1.19.5
- ==< 1.17.17
Package maintainers
-
@ryan4yin Ryan Yin <xiaoyin_c@qq.com>
-
@akshatagarwl Akshat Agarwal <humancalico@disroot.org>
-
@qjoly Quentin JOLY <github@une-pause-cafe.fr>