CVE-2026-41520
HIGH
Cilium exposes sensitive information included in the cilium-bugtool debug archive
Title source: cnaDescription
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
References (4)
x_refsource_confirm
https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj
x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.17.15
x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.18.9
x_refsource_misc
https://github.com/cilium/cilium/releases/tag/v1.19.3
Scores
CVSS v3
7.9
EPSS
0.0008
EPSS Percentile
0.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-200
CWE-312
Status
published
Products (6)
cilium/cilium
< 1.17.15 (2 CPE variants)
cilium/cilium
0 - 1.17.15 (Go)
cilium/cilium
1.18.0 - 1.18.9 (Go)
cilium/cilium
1.19.0 - 1.19.3 (Go)
cilium/cilium
>= 1.18.0, < 1.18.9
cilium/cilium
>= 1.19.0, < 1.19.3
Published
May 08, 2026
Tracked Since
May 09, 2026