Cilium may not enforce host firewall policies when Native Routing,...

6.1 / 10

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.

Basic Information

ID CVE-2026-26963

Source GitHub_M

Published Feb 19, 2026 at 23:38

Affected Product

Vendor cilium

Product cilium

Version >= 1.18.0, < 1.18.6

Affected Versions cilium cilium >= 1.18.0, < 1.18.6

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.18.0 through 1.18.5 will incorrectly permit traffic from Pods on other nodes when Native Routing, WireGuard and Node Encryption are enabled. This issue has been fixed in version 1.18.6.",
    "published": "2026-02-19T23:38:36.110Z",
    "modified": "2026-02-19T23:38:36.110Z",
    "type": "cve",
    "title": "Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled",
    "source": "GitHub_M",
    "references": "https://github.com/cilium/cilium/security/advisories/GHSA-5r23-prx4-mqg3\nhttps://github.com/cilium/cilium/pull/42892\nhttps://github.com/cilium/cilium/commit/88e28e1e62c0b1a02c3f0fc22d888ac9eefbe885\nhttps://github.com/cilium/cilium/releases/tag/v1.18.6",
    "id": "CVE-2026-26963",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "cilium cilium >= 1.18.0, < 1.18.6",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cilium",
    "version": ">= 1.18.0, < 1.18.6",
    "vendor": "cilium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cilium may not enforce host firewall policies when Native Routing, WireGuard and Node Encryption are enabled_CVE-2026-26963