CVE-2026-33726

Summary

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

Severity

medium

EPSS

0.2% (p15)

Also known as

GHSA-hxv8-4j4r-cqgv, BIT-cilium-2026-33726, BIT-cilium-operator-2026-33726, BIT-hubble-relay-2026-33726, GO-2026-4856

Published

2026-03-26

References

• https://github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv
• https://github.com/cilium/cilium/pull/44693
• https://docs.cilium.io/en/stable/network/concepts/routing/#routing

Related advisories

• CVE-2026-41520 — high · Go/github.com/cilium/cilium
• CVE-2026-26963 — medium · Go/github.com/cilium/cilium
• CVE-2025-64715 — medium · Go/github.com/cilium/cilium

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity