CVE-2026-33726 (GCVE-0-2026-33726)

Vulnerability from cvelistv5 – Published: 2026-03-27 00:23 – Updated: 2026-03-27 13:50
Title
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Summary
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.
CWE
CWE-284: Improper Access Control; CWE-863: Incorrect Authorization
Assigner
GitHub_M
Impacted products
Vendor   Product   Version
cilium   cilium    Affected: < 1.17.14
                   Affected: >= 1.18.0, < 1.18.8
                   Affected: >= 1.19.0, < 1.19.2
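The preconditions in the summary (affected version, per-endpoint routing on, BPF host routing off, L7 Services in use, no CNI chaining) can be checked from the agent version and the cilium-config ConfigMap. The triage script below is an added example, not part of the CVE record or of the Cilium project: it takes the `.data` map of `kubectl -n kube-system get configmap cilium-config -o json` plus the agent version and applies the version ranges and conditions stated in this record. The ConfigMap keys `enable-endpoint-routes`, `enable-host-legacy-routing`, `ipam`, `cni-chaining-mode`, `enable-envoy-config` and `enable-gateway-api` are the ones Cilium's Helm chart writes; the rule that `ipam` values `eni`, `azure` and `alibabacloud` imply per-endpoint routing when the explicit key is absent is an assumption taken from the summary, the L7 keys are treated only as "L7 Services possible", and the sample ConfigMap contents are constructed.

```python
"""Triage helper for CVE-2026-33726 (Cilium same-node L7 policy bypass).
Added example, not Cilium project code. Input is the `.data` map of the
cilium-config ConfigMap plus the agent version; output says whether the
advisory's preconditions (affected version, per-endpoint routing on, BPF
host routing off, L7 services in use, no CNI chaining) are met.
"""
import re

# Affected ranges from the CVE record: lower bound inclusive, upper exclusive.
AFFECTED_RANGES = [
    ((0, 0, 0), (1, 17, 14)),
    ((1, 18, 0), (1, 18, 8)),
    ((1, 19, 0), (1, 19, 2)),
]
# IPAM modes that, per the advisory, switch per-endpoint routing on.
# Assumption: consulted only when the explicit key is absent.
CLOUD_IPAM_MODES = {"eni", "azure", "alibabacloud"}
# Keys recording L7 service features (CiliumEnvoyConfig, Gateway API/GAMMA).
# Assumption: "L7 possible", not proof of an L7 Service with a local backend.
L7_KEYS = ("enable-envoy-config", "enable-gateway-api")


def parse_version(v):
    """'v1.18.7' or '1.18.7-rc.1' -> (1, 18, 7)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unparseable Cilium version: {v!r}")
    return tuple(int(x) for x in m.groups())


def version_is_affected(v):
    ver = parse_version(v)
    return any(lo <= ver < hi for lo, hi in AFFECTED_RANGES)


def _flag(data, key):
    """ConfigMap values are strings; only a literal 'true' counts as set."""
    return str(data.get(key, "")).strip().lower() == "true"


def triage(version, cm_data):
    """Return the findings for one agent version and ConfigMap. Settings the
    ConfigMap does not decide come back as None and count as possibly met."""
    ipam = cm_data.get("ipam", "cluster-pool")
    chaining = cm_data.get("cni-chaining-mode", "none") not in ("", "none")

    if "enable-endpoint-routes" in cm_data:
        endpoint_routes = _flag(cm_data, "enable-endpoint-routes")
    else:
        endpoint_routes = ipam in CLOUD_IPAM_MODES

    # enable-host-legacy-routing=true means BPF host routing is off. When the
    # key is absent the agent may still fall back to legacy routing on a
    # kernel without the needed eBPF support, so the answer is unknown.
    if "enable-host-legacy-routing" in cm_data:
        host_routing_legacy = _flag(cm_data, "enable-host-legacy-routing")
    else:
        host_routing_legacy = None

    if any(k in cm_data for k in L7_KEYS):
        l7_enabled = any(_flag(cm_data, k) for k in L7_KEYS)
    else:
        l7_enabled = None

    version_affected = version_is_affected(version)
    exposed = (
        version_affected
        and endpoint_routes
        and host_routing_legacy is not False
        and l7_enabled is not False
        and not chaining
    )
    return {
        "version_affected": version_affected,
        "endpoint_routes": endpoint_routes,
        "host_routing_legacy": host_routing_legacy,
        "l7_enabled": l7_enabled,
        "chaining": chaining,
        "exposed": exposed,
    }


# Constructed sample ConfigMap data, shaped like `.data` of cilium-config.
SAMPLE_EKS_ENI = {
    "ipam": "eni",
    "routing-mode": "native",
    "enable-endpoint-routes": "true",
    "enable-host-legacy-routing": "true",
    "enable-envoy-config": "true",
    "cni-chaining-mode": "none",
}
SAMPLE_TUNNEL = {"ipam": "cluster-pool", "routing-mode": "tunnel",
                 "enable-envoy-config": "true"}

if __name__ == "__main__":
    # Real input: kubectl -n kube-system get cm cilium-config -o json | jq .data
    for label, ver, cm in [("EKS ENI 1.18.7", "1.18.7", SAMPLE_EKS_ENI),
                           ("EKS ENI 1.18.8", "1.18.8", SAMPLE_EKS_ENI),
                           ("tunnel 1.17.13", "v1.17.13", SAMPLE_TUNNEL)]:
        print(label, triage(ver, cm))
```

Because `enable-host-legacy-routing` only records the operator's choice, and the agent falls back to legacy host routing on kernels that lack the required eBPF support, the script reports that value as unknown when the key is absent and still flags the configuration as possibly exposed; confirm the effective mode with `cilium-dbg status --verbose` (or `cilium status --verbose` on older agents) in an agent pod, which prints the Host Routing mode, before ruling a cluster out of scope. Upgrading to a patched version is the only clean exit: as the summary says, disabling per-endpoint routes disrupts existing connections and can conflict with cloud IPAM.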

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33726",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T13:24:20.808024Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T13:50:24.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cilium",
          "vendor": "cilium",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.17.14"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.18.0, \u003c 1.18.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.19.0, \u003c 1.19.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T00:23:21.795Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv"
        },
        {
          "name": "https://github.com/cilium/cilium/pull/44693",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cilium/cilium/pull/44693"
        },
        {
          "name": "https://docs.cilium.io/en/stable/network/concepts/routing/#routing",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.cilium.io/en/stable/network/concepts/routing/#routing"
        },
        {
          "name": "https://docs.cilium.io/en/stable/network/kubernetes/policy/#network-policy",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.cilium.io/en/stable/network/kubernetes/policy/#network-policy"
        },
        {
          "name": "https://docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management"
        },
        {
          "name": "https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing"
        }
      ],
      "source": {
        "advisory": "GHSA-hxv8-4j4r-cqgv",
        "discovery": "UNKNOWN"
      },
      "title": "Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33726",
    "datePublished": "2026-03-27T00:23:21.795Z",
    "dateReserved": "2026-03-23T17:34:57.559Z",
    "dateUpdated": "2026-03-27T13:50:24.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-33726\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-27T01:16:20.007\",\"lastModified\":\"2026-03-30T13:26:29.793\",\"vulnStatus\":\"Undergoing Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.\"},{\"lang\":\"es\",\"value\":\"Cilium is a networking, observability, and security solution with an eBPF-based data plane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not applied to traffic from pods to L7 services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is enabled automatically in deployments that use cloud IPAM, including Cilium ENI on EKS (\u0027eni.enabled\u0027), AlibabaCloud ENI (\u0027alibabacloud.enabled\u0027), Azure IPAM (\u0027azure.enabled\u0027, but not AKS BYOCNI), and some GKE deployments (\u0027gke.enabled\u0027; managed offerings such as GKE Dataplane V2 may use different defaults). It is normally not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is probably the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or complete workaround for this issue. The only option would be to disable per-endpoint routes, but this will probably cause interruptions to ongoing connections, and possible conflicts when running on cloud providers.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://docs.cilium.io/en/stable/network/concepts/routing/#routing\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://docs.cilium.io/en/stable/network/kubernetes/policy/#network-policy\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cilium/cilium/pull/44693\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-33726\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-27T13:24:20.808024Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-27T13:24:24.487Z\"}}], \"cna\": {\"title\": \"Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic\", \"source\": {\"advisory\": \"GHSA-hxv8-4j4r-cqgv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"cilium\", \"product\": \"cilium\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.17.14\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.18.0, \u003c 1.18.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.19.0, \u003c 1.19.2\"}]}], \"references\": [{\"url\": \"https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv\", \"name\": \"https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/cilium/cilium/pull/44693\", \"name\": \"https://github.com/cilium/cilium/pull/44693\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.cilium.io/en/stable/network/concepts/routing/#routing\", \"name\": \"https://docs.cilium.io/en/stable/network/concepts/routing/#routing\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.cilium.io/en/stable/network/kubernetes/policy/#network-policy\", \"name\": \"https://docs.cilium.io/en/stable/network/kubernetes/policy/#network-policy\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management\", \"name\": \"https://docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing\", \"name\": \"https://docs.cilium.io/en/stable/operations/performance/tuning/#ebpf-host-routing\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863: Incorrect Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-27T00:23:21.795Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-33726\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-27T13:50:24.672Z\", \"dateReserved\": \"2026-03-23T17:34:57.559Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-27T00:23:21.795Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}