📦 Cilium
by Cilium
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-37307 is a sensitive data exposure vulnerability in Cilium's cilium-bugtool debugging utility. When run with the --envoy-dump flag against deployments with Envoy proxy enabled, the tool can e...
CVE-2024-28860 is a cryptographic vulnerability in Cilium's IPsec transparent encryption that allows man-in-the-middle attackers to perform chosen plaintext, key recovery, and replay attacks when mult...
CVE-2024-28248 is a security vulnerability in Cilium's HTTP policy enforcement where HTTP traffic that should be blocked according to configured policies is intermittently allowed through. This affect...
This CVE allows attackers with Kubernetes API access to bypass Cilium network policies by updating pod labels with non-existent construct names. It affects Cilium users who rely on network policies fo...
This CVE allows an attacker who has already escaped a container running as root to escalate privileges to Kubernetes cluster admin using Cilium's service account. It affects Cilium installations prior...
This CVE describes a misconfiguration vulnerability in Cilium where AWS security group IDs referenced in CiliumNetworkPolicies that don't exist or aren't attached to network interfaces may cause broad...
CVE-2025-23047 is a Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability in Cilium's Hubble UI that allows malicious websites to access sensitive Kubernetes cluster configuration data. ...
A denial of service vulnerability in Cilium allows attackers to crash Cilium agents by sending crafted DNS responses to workloads from outside the cluster. This affects Kubernetes clusters running vul...
Cilium versions 1.14.0 through 1.14.15 and 1.15.0 through 1.15.9 have a policy bypass vulnerability where certain CIDR-based deny rules may be ignored when conflicting with specific allow rules. This ...
A vulnerability in Cilium's GatewayAPI controller fails to properly propagate ReferenceGrant changes, allowing Gateway resources to retain access to secrets longer than intended or Routes to forward t...
A race condition in Cilium agent versions before 1.14.14 and 1.15.8 can cause node labels to be ignored, potentially allowing CiliumClusterwideNetworkPolicies to be bypassed. This affects users runnin...