CVE-2026-26963

MEDIUM

Cilium 1.18.0-1.18.5 - Incorrect Authorization via Native Routing with WireGuard and Node Encryption

Title source: llm

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://github.com/cilium/cilium/security/advisories/GHSA-5r23-prx4-mqg3

Issue Tracking x_refsource_misc

https://github.com/cilium/cilium/pull/42892

Patch x_refsource_misc

https://github.com/cilium/cilium/commit/88e28e1e62c0b1a02c3f0fc22d888ac9eefbe885

View Patch ZIP pw:eip

Release Notes x_refsource_misc

https://github.com/cilium/cilium/releases/tag/v1.18.6

Scores

CVSS v3 6.1

EPSS 0.0001

EPSS Percentile 0.4%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Products (2)

cilium/cilium 1.18.0 - 1.18.6Go

cilium/cilium 1.18.0 - 1.18.6

Published Feb 20, 2026

Tracked Since Feb 20, 2026