7.9

CVE-2026-41520

Cillium exposes sensitive information included in the cilium-bugtool debug archive

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiliumCilium Version < 1.17.15
CiliumCilium Version >= 1.18.0 < 1.18.9
CiliumCilium Version >= 1.19.0 < 1.19.3
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.002
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.8 3.6
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com 7.9 1.5 5.8
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj
Vendor Advisory
Mitigation
https://github.com/cilium/cilium/releases/tag/v1.17.15
Product
Release Notes
https://github.com/cilium/cilium/releases/tag/v1.18.9
Product
Release Notes
https://github.com/cilium/cilium/releases/tag/v1.19.3
Product
Release Notes