CVE-2026-26963
MEDIUM WAF: Low
CVSS 5.4
Published: 2026-02-20
CWE-863
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.
WAF Coverage Analysis
Incorrect Authorization
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| cilium | cilium | 1.18.0 - 1.18.6 |
References
- github.com (Patch)
- github.com (Issue Tracking)
- github.com (Release Notes)
- github.com (Patch, Vendor Advisory)