CVE Daily
← All tags

Tag: Cilium

All CVEs associated with "Cilium". Page 1/1 • 12 CVEs.

About “Cilium”

A curated feed of “Cilium”-related CVEs appears below. We currently track 12 CVEs for this tag (all time). In the last 365 days, 8 were published. Average CVSS is 4.9 (all time; 5.3 over 365d), and 8% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-189 - CWE-189, CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor.

In our taxonomy this topic maps to a LOW impact class. Container and Kubernetes fixes usually require image rebuilds and control plane or node upgrades. Prioritize exposed surfaces, restart workloads on patched bases, and tighten RBAC and NetworkPolicies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: cilium

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestEOLLTS
1.191.19.4-
1.181.18.10-
1.171.17.16-
1.161.16.19 Expired
1.151.15.19 Expired
1.141.14.19 Expired
1.131.13.18 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Cilium”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-06-03
Low

CVE-2026-10722

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul…

CVSS: 3.3 CWE: CWE-189 View on NVD
2026-05-27
Unknown

CVE-2026-45886

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed tha…

CVSS: N/A CWE: N/A View on NVD
2026-05-08
High

CVE-2026-41520

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when…

CVSS: 7.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2026-03-27
Medium

CVE-2026-33726

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from po…

CVSS: 5.4 CWE: CWE-284 - Improper Access Control View on NVD
2026-02-20
Medium

CVE-2026-26963

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing,…

CVSS: 6.1 CWE: CWE-863 - Incorrect Authorization View on NVD
2025-12-30
Unknown

CVE-2023-54173

In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_event_output We received report [1] of kernel crash, which is caused by using nesting protection w…

CVSS: N/A CWE: N/A View on NVD
2025-11-29
Medium

CVE-2025-64715

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityG…

CVSS: 4.0 CWE: CWE-284 - Improper Access Control View on NVD
2025-11-12
Unknown

CVE-2025-40183

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traf…

CVSS: N/A CWE: N/A View on NVD
2025-03-24
Low

CVE-2025-30163

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Node based network policies (`fromNodes` and `toNodes`) will incorrectly permit traffic to/from non-node end…

CVSS: 3.4 CWE: CWE-863 - Incorrect Authorization View on NVD
Low

CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service imp…

CVSS: 3.2 CWE: CWE-863 - Incorrect Authorization View on NVD
2024-11-25
Medium

CVE-2024-52529

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port…

CVSS: 5.8 CWE: CWE-755 - Improper Handling of Exceptional Conditions View on NVD
2024-08-16
Medium

CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant chang…

CVSS: 5.4 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox