Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.
Published: 2026-03-27
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Bypass of Kubernetes NetworkPolicy for same-node traffic
Action: Patch
AI Analysis

Impact

Cilium’s L7 proxy can allow traffic from a pod to an L7 Service whose backend is on the same node to skip enforced ingress NetworkPolicies when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. This creates an unauthorized data path between the pod and the service: an attacker with a pod on that node can send traffic that cluster policy would normally deny, which can compromise confidentiality and integrity. The flaw is classified as improper access control (CWE-284) and incorrect authorization (CWE-863).

Affected Systems

The vulnerability affects Cilium versions prior to 1.17.14, 1.18.8, and 1.19.2. It is relevant for deployments that use cloud IPAM, which enables Per-Endpoint Routing automatically: Cilium ENI on Amazon EKS, AlibabaCloud ENI, Azure IPAM (except AKS BYOCNI), and certain GKE setups (managed offerings such as GKE Dataplane V2 may use different defaults). The most common affected environment is EKS with Cilium ENI mode; tunneled deployments typically do not enable Per-Endpoint Routing, and chaining deployments are not affected.

Risk and Exploitability

The CVSS score is 5.4 (vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) and the EPSS score is below 1%, indicating moderate severity and low expected exploitation likelihood. The issue is not listed in CISA’s KEV catalog. Exploitation requires an attacker-controlled pod on the same node as the target service's local backend. Updating to a patched version fixes the flaw; disabling Per-Endpoint Routing is the only possible workaround, is not officially verified, and is likely to disrupt ongoing connections and conflict with cloud-provider IPAM.

Generated by OpenCVE AI on April 2, 2026 at 04:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Cilium to version 1.17.14, 1.18.8, 1.19.2 or later.
  • If patching is not immediately possible, disabling Per-Endpoint Routing is the only available workaround; it is not officially verified and is likely to interrupt existing connections and conflict with cloud-provider IPAM.
  • Determine whether BPF Host Routing is disabled: the bypass applies only when Per-Endpoint Routing is enabled and BPF Host Routing is disabled.
  • Test NetworkPolicy enforcement by sending test traffic from a pod to an L7 Service with a backend on the same node.
  • Keep the Kubernetes cluster and Cilium components up to date to prevent similar weaknesses in the future.

Generated by OpenCVE AI on April 2, 2026 at 04:12 UTC.
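To check a cluster against the precondition in the description (Per-Endpoint Routing enabled, BPF Host Routing disabled, unpatched version) and the recommended action of verifying the host routing mode, here is an added example that is not part of the OpenCVE record or of Cilium's own tooling. It assumes the `cilium-config` ConfigMap keys `enable-endpoint-routes` and `enable-host-legacy-routing` represent Per-Endpoint Routing and legacy (non-BPF) host routing, and that `cilium status --verbose` reports the effective host routing mode; the sample ConfigMap data is constructed.

```python
"""Classify a Cilium install against the CVE-2026-33726 preconditions.
Added example, not OpenCVE's or Cilium's code. Input: the ``data`` map of the
``cilium-config`` ConfigMap plus the agent version. ASSUMED key names:
``enable-endpoint-routes`` (Per-Endpoint Routing) and
``enable-host-legacy-routing`` (legacy, non-BPF host routing)."""
import re

# Fixed releases per branch, taken from the advisory text.
FIXED = {17: (1, 17, 14), 18: (1, 18, 8), 19: (1, 19, 2)}

# Constructed sample resembling an EKS ENI-mode cilium-config ConfigMap.
SAMPLE_CONFIG = {
    "ipam": "eni",
    "enable-endpoint-routes": "true",
    "enable-host-legacy-routing": "true",
}

def parse_version(version):
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Cilium version: {version!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version):
    major, minor, patch = parse_version(version)
    if major != 1:
        return major > 1
    if minor not in FIXED:
        return minor > max(FIXED)  # pre-1.17 branches got no fix; later ones carry it
    return (major, minor, patch) >= FIXED[minor]

def truthy(config, key):
    return config.get(key, "false").strip().lower() == "true"

def assess(config, version):
    """Return 'patched', 'not-exposed', 'exposed' or 'verify-host-routing'."""
    if is_patched(version):
        return "patched"
    if not truthy(config, "enable-endpoint-routes"):
        return "not-exposed"  # Per-Endpoint Routing precondition absent
    if truthy(config, "enable-host-legacy-routing"):
        return "exposed"  # both preconditions present in the ConfigMap
    # Config alone does not prove BPF host routing is active (it needs kernel
    # support); confirm the effective mode with `cilium status --verbose`.
    return "verify-host-routing"

if __name__ == "__main__":
    for v in ("v1.18.7", "v1.18.8"):
        print(v, assess(SAMPLE_CONFIG, v))
```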

Advisories

Source: Github GHSA
ID: GHSA-hxv8-4j4r-cqgv
Title: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

History

Wed, 01 Apr 2026 23:45:00 +0000
  CPEs added: cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*

Fri, 27 Mar 2026 14:15:00 +0000
  Metrics added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000
  First Time appeared: Cilium; Cilium cilium
  Vendors & Products added: Cilium; Cilium cilium

Fri, 27 Mar 2026 04:00:00 +0000
  Description added: (the text shown in the Description section above)
  Title added: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
  Weaknesses added: CWE-284, CWE-863
  References added: (none shown)
  Metrics added: cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T13:50:24.672Z

Reserved: 2026-03-23T17:34:57.559Z

Link: CVE-2026-33726

Vulnrichment

Updated: 2026-03-27T13:24:24.487Z

NVD

Status : Analyzed

Published: 2026-03-27T01:16:20.007

Modified: 2026-04-01T15:53:30.673

Link: CVE-2026-33726

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-02T07:55:53Z

Weaknesses