CVE-2026-41520
7.9 HIGH
Cilium is a networking, observability, and security solution with an eBPF-based dataplane
Published: 2026-05-08 · Last updated: 2026-05-18
Severity and scoring
- CVSS: 7.9 HIGH
- Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
- CWE: CWE-200, CWE-312
Affected products
| Vendor | Product |
|---|---|
| cilium | cilium |
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
Source: NVD
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-41520)
- [Other](https://github.com/cilium/cilium/releases/tag/v1.17.15)
- [Other](https://github.com/cilium/cilium/releases/tag/v1.18.9)
- [Other](https://github.com/cilium/cilium/releases/tag/v1.19.3)
- [Vendor advisory](https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj)
Related CVEs
Same vendor
- CVE-2026-10722 — A vulnerability has been found in cilium ebpf up to 0.21.0 (3.3 LOW)
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47165 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-48855 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
- CVE-2026-45329 — ESP-IDF is the Espressif Internet of Things (IoT) Development Framework (7.1 HIGH)
- CVE-2026-36719 — An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)