Cillium exposes sensitive information included in the cilium-bugtool debug archive

7.9 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Description

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.

Basic Information

ID CVE-2026-41520

Source GitHub_M

Published May 8, 2026 at 22:01

Affected Product

Vendor cilium

Product cilium

Version < 1.17.15

Affected Versions cilium cilium < 1.17.15
cilium cilium >= 1.18.0, < 1.18.9
cilium cilium >= 1.19.0, < 1.19.3

CWE Classification

CWE-200 CWE-312

References

{
    "lastseen": "",
    "description": "Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.",
    "published": "2026-05-08T22:01:08.394Z",
    "modified": "2026-05-08T22:01:08.394Z",
    "type": "cve",
    "title": "Cillium exposes sensitive information included in the cilium-bugtool debug archive",
    "source": "GitHub_M",
    "references": "https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj\nhttps://github.com/cilium/cilium/releases/tag/v1.17.15\nhttps://github.com/cilium/cilium/releases/tag/v1.18.9\nhttps://github.com/cilium/cilium/releases/tag/v1.19.3",
    "id": "CVE-2026-41520",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200",
        "CWE-312"
    ],
    "cvelist": null,
    "sourceData": "cilium cilium < 1.17.15\ncilium cilium >= 1.18.0, < 1.18.9\ncilium cilium >= 1.19.0, < 1.19.3",
    "sourceHref": "",
    "cvss": {
        "score": 7.9,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cilium",
    "version": "< 1.17.15",
    "vendor": "cilium",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cillium exposes sensitive information included in the cilium-bugtool debug archive_CVE-2026-41520