Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.14, 1.18.8, and 1.19.2, Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled. Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (`eni.enabled`), AlibabaCloud ENI (`alibabacloud.enabled`), Azure IPAM (`azure.enabled`, but not AKS BYOCNI), and some GKE deployments (`gke.enabled`; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment. Versions 1.17.14, 1.18.8, and 1.19.2 contain a patch. There is currently no officially verified or comprehensive workaround for this issue. The only option would be to disable per-endpoint routes, but this will likely cause disruptions to ongoing connections, and potential conflicts if running in cloud providers.
Published: 2026-03-27
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Network Policy Bypass
Action: Patch
AI Analysis

Impact

The vulnerability arises when Cilium’s L7 proxy allows traffic between pods and local L7 services on the same node to bypass Kubernetes NetworkPolicy enforcement under certain configuration conditions. With per‑endpoint routing enabled and BPF Host Routing disabled, traffic that should be filtered by Ingress NetworkPolicies is instead routed directly to the service backend. Attackers can exploit this by creating or compromising pods to send traffic that bypasses policy restrictions, potentially exposing workloads to unauthorized data flows or disrupting communication integrity. The weakness corresponds to improper access control (CWE‑284).

Affected Systems

Affected deployments involve the open‑source Cilium networking solution prior to version 1.17.14, 1.18.8, or 1.19.2. The issue manifests when cloud IPAM configurations such as the Cilium ENI mode on Amazon EKS, AlibabaCloud ENI, Azure IPAM (excluding AKS BYOCNI), or various GKE deployments enable per‑endpoint routing. The most common affected environment is Amazon EKS when Cilium ENI mode is used, but any Kubernetes cluster that automatically enables per‑endpoint routing while disabling BPF Host Routing can be vulnerable.

Risk and Exploitability

The CVSS score is 5.4, indicating a moderate risk, and there is no EPSS data available; the vulnerability is not currently listed in CISA’s KEV catalog. Exploitation requires that per‑endpoint routing be active and BPF Host Routing be turned off—conditions that are often true for cloud‑provider deployments that auto‑enable per‑endpoint routing. Because no official workaround has been verified, the primary mitigation is to upgrade to a patched release or, if upgrading is not immediately possible, to disable per‑endpoint routing, acknowledging that this may interfere with existing connections on some cloud platforms.

Generated by OpenCVE AI on March 27, 2026 at 06:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cilium to version 1.17.14, 1.18.8, or 1.19.2 or later to apply the official patch.
  • If upgrade is not immediately possible, disable Per‑Endpoint Routing to prevent the policy bypass, noting potential connection disruptions.
  • Verify that BPF Host Routing is enabled when Per‑Endpoint Routing is required and monitor NetworkPolicy enforcement for L7 services.
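As an added check, not part of the advisory or of the Cilium project's own code, the script below triages a cluster against the conditions stated above: it compares the agent version with the three fixed releases and reads the two relevant settings from a cilium-config dump. It assumes the ConfigMap keys `enable-endpoint-routes` and `enable-host-legacy-routing` carry the Per-Endpoint Routing and the BPF Host Routing (legacy fallback) settings; the sample ConfigMap is constructed.

```python
import re

# Fixed releases named in the advisory, keyed by minor branch.
FIXED = {(1, 17): (1, 17, 14), (1, 18): (1, 18, 8), (1, 19): (1, 19, 2)}

def parse_version(v):
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v)
    if not m:
        raise ValueError(f"unrecognised Cilium version: {v!r}")
    return tuple(int(x) for x in m.groups())

def version_is_patched(v):
    t = parse_version(v)
    fixed = FIXED.get(t[:2])
    if fixed is None:
        # No fix is listed for branches older than 1.17; anything newer than 1.19 postdates all three fixes.
        return t >= (1, 17, 14)
    return t >= fixed

def parse_configmap(text):
    # Minimal parser for the flat `key: "value"` lines of cilium-config (assumed layout).
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            k, _, v = line.partition(":")
            cfg[k.strip()] = v.strip().strip('"').lower()
    return cfg

def triage(version, configmap_text):
    # Affected only when unpatched, Per-Endpoint Routing is on and BPF Host
    # Routing is off (assumed to be expressed as legacy host routing on).
    if version_is_patched(version):
        return "patched"
    cfg = parse_configmap(configmap_text)
    if cfg.get("enable-endpoint-routes") != "true":
        return "not exposed"
    legacy = cfg.get("enable-host-legacy-routing")
    if legacy is None:
        return "verify host routing"  # key absent: confirm the agent's host routing mode
    return "affected" if legacy == "true" else "not exposed"

# Constructed sample, assumed to resemble the data section of
# `kubectl -n kube-system get cm cilium-config -o yaml` on an EKS ENI cluster.
SAMPLE_CM = """
enable-endpoint-routes: "true"
enable-host-legacy-routing: "true"
ipam: eni
"""
```

Run `triage("v1.18.7", SAMPLE_CM)` against your own ConfigMap dump; a "verify host routing" result means the legacy-routing key was not present and the mode must be confirmed on the agent before concluding either way.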



Advisories

Source: GitHub GHSA
ID: GHSA-hxv8-4j4r-cqgv
Title: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
History

Fri, 27 Mar 2026 14:15:00 +0000
  Metrics (ssvc), values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 08:45:00 +0000
  First time appeared, values added: Cilium; Cilium cilium
  Vendors & Products, values added: Cilium; Cilium cilium

Fri, 27 Mar 2026 04:00:00 +0000
  Description, values added: the CVE description reproduced at the top of this page
  Title, values added: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
  Weaknesses, values added: CWE-284, CWE-863
  References, values added: (empty)
  Metrics (cvssV3_1), values added: {'score': 5.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T13:50:24.672Z

Reserved: 2026-03-23T17:34:57.559Z

Link: CVE-2026-33726

Vulnrichment

Updated: 2026-03-27T13:24:24.487Z

NVD

Status: Received

Published: 2026-03-27T01:16:20.007

Modified: 2026-03-27T01:16:20.007

Link: CVE-2026-33726

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-27T09:22:34Z

Weaknesses