CVE-2026-41520
HIGH7.9EPSS 0.01%Cillium exposes sensitive information included in the cilium-bugtool debug archive
Published: 4/25/2026Modified: 5/19/2026
Also known as:GHSA-gj49-89wh-h4gjBIT-cilium-2026-41520BIT-cilium-operator-2026-41520BIT-hubble-relay-2026-41520
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
Affected packages (4)
- Bitnami/ciliumfrom 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- Bitnami/cilium-operatorfrom 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- Bitnami/hubble-relayfrom 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- Go/github.com/cilium/ciliumfrom 0, < 1.17.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-41520
- PATCHhttps://github.com/cilium/cilium
- WEBhttp://docs.cilium.io/en/stable/security/network/encryption-wireguard
- WEBhttps://github.com/cilium/cilium/releases/tag/v1.17.15
- WEBhttps://github.com/cilium/cilium/releases/tag/v1.18.9
- WEBhttps://github.com/cilium/cilium/releases/tag/v1.19.3
- WEBhttps://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj