CVE-2026-41520
EUVD-2026-2884508.05.2026, 23:16
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cilium | cilium | 𝑥 < 1.17.15 |
| cilium | cilium | 1.18.0 ≤ 𝑥 < 1.18.9 |
| cilium | cilium | 1.19.0 ≤ 𝑥 < 1.19.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.