CVE-2026-56742 - CERT CVE
ID CVE-2026-56742
Sažetak Cilium is a networking, observability, and security solution. Prior to 1.17.17, 1.18.11, and 1.19.5, Cilium clusters using Gateway API allow users with permissions to create or update namespaced HTTPRoutes to mirror HTTP traffic to any Service in any namespace, bypassing the ReferenceGrant authorization mechanism. Gateway API functionality is disabled by default. This issue is fixed in versions 1.17.17, 1.18.11, and 1.19.5.
Reference
CVSS
Base: 5.9
Impact: 3.7
Exploitability:1.7
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW HIGH
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L
Zadnje važnije ažuriranje 15-07-2026 - 20:54
Objavljeno 15-07-2026 - 20:17