Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
Published: 2026-05-08
Score: 7.9 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows the cilium-bugtool debugging utility to include sensitive information in the generated archive when WireGuard encryption is enabled on Cilium deployments. The compromised data set can contain configuration details, key material, or other confidential information that is not intended for external distribution. The impact is a breach of confidentiality for any stakeholders who may obtain the archive, such as administrators or third‑party auditors.

Affected Systems

The issue affects the Cilium networking, observability, and security platform. Versions prior to 1.17.15, 1.18.9, and 1.19.3 are impacted; the issue was patched in the corresponding releases.

Risk and Exploitability

The CVSS score of 7.9 indicates high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires local or privileged access to execute cilium-bugtool, as the tool must be run on a node within the Cilium cluster. The risk is thus significant for environments where cluster administrators can run debugging utilities on encrypted deployments.

Generated by OpenCVE AI on May 8, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Cilium to v1.17.15, v1.18.9, or v1.19.3 or later
  • If an upgrade is not possible, avoid running cilium-bugtool when WireGuard encryption is enabled, or restrict its execution to trusted personnel
  • Validate the contents of the cilium-bugtool archive before sharing or distributing it to external parties

Generated by OpenCVE AI on May 8, 2026 at 23:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-gj49-89wh-h4gj Cillium exposes sensitive information included in the cilium-bugtool debug archive
History

Fri, 08 May 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Cilium
Cilium cilium
Vendors & Products Cilium
Cilium cilium

Fri, 08 May 2026 22:30:00 +0000

Type Values Removed Values Added
Description Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
Title Cillium exposes sensitive information included in the cilium-bugtool debug archive
Weaknesses CWE-200
CWE-312
References
Metrics cvssV3_1

{'score': 7.9, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N'}

Subscriptions

Cilium Cilium
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T22:01:08.394Z

Reserved: 2026-04-20T18:18:50.682Z

Link: CVE-2026-41520

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-08T23:16:35.597

Modified: 2026-05-08T23:16:35.597

Link: CVE-2026-41520

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-08T23:30:15Z

Weaknesses