CVE-2026-53935

Source
https://cve.org/CVERecord?id=CVE-2026-53935
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53935.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53935
Aliases
Downstream
Related
Published
2026-07-07T20:44:54.972Z
Modified
2026-07-09T04:02:05.966946072Z
Severity
  • 6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H CVSS Calculator
Summary
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Details

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53935.json",
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/cilium/cilium

Affected ranges

Type
GIT
Repo
https://github.com/cilium/cilium
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.17.16"
        },
        {
            "introduced": "1.18.2"
        },
        {
            "fixed": "1.18.10"
        },
        {
            "introduced": "1.19.0"
        },
        {
            "fixed": "1.19.4"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.10.0-rc0
1.11.0-rc0
1.11.0-rc1
1.11.0-rc2
1.12.0-rc0
1.12.0-rc1
1.12.0-rc2
1.13.0-rc0
1.13.0-rc1
1.13.0-rc2
1.13.0-rc3
1.14.0-pre.2
1.14.0-rc.0
1.14.0-snapshot.0
1.14.0-snapshot.1
1.14.0-snapshot.2
1.14.0-snapshot.3
1.14.0-snapshot.4
1.15.0-pre.0
1.15.0-pre.1
1.15.0-pre.2
1.15.0-pre.3
1.16.0-pre.0
1.16.0-pre.1
1.16.0-pre.2
1.16.0-pre.3
1.16.0-rc.0
1.17.0
1.17.0-pre.0
1.17.0-pre.1
1.17.0-pre.2
1.17.0-pre.3
1.17.0-rc.0
1.17.0-rc.1
1.17.0-rc.2
1.17.1
1.17.10
1.17.11
1.17.12
1.17.13
1.17.14
1.17.15
1.17.2
1.17.3
1.17.4
1.17.5
1.17.6
1.17.7
1.17.8
1.17.9
1.18.2
1.18.3
1.18.4
1.18.5
1.18.6
1.18.7
1.18.8
1.18.9
1.19.0
1.19.1
1.19.2
1.19.3
1.5.0-rc2
1.8.0-rc1
1.9.0-rc0
1.9.0-rc1
v0.*
v0.10.0
v0.13.1
v0.13.10
v0.13.14
v0.13.15
v0.13.16
v0.13.17
v0.13.18
v0.13.19
v0.13.2
v0.13.20
v0.13.21
v0.13.22
v0.13.25
v0.13.4
v0.13.5
v0.13.6
v0.13.8
v0.8.0
v0.8.2
v0.9.0-rc1
v1.*
v1.0.0-rc1
v1.0.0-rc4
v1.0.0-rc5
v1.0.0-rc6
v1.0.0-rc7
v1.0.0-rc8
v1.0.0-rc9
v1.10.0-rc0
v1.11.0-rc0
v1.11.0-rc1
v1.11.0-rc2
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.13.0-rc0
v1.13.0-rc1
v1.13.0-rc2
v1.13.0-rc3
v1.14.0-pre.2
v1.14.0-rc.0
v1.14.0-snapshot.0
v1.14.0-snapshot.1
v1.14.0-snapshot.2
v1.14.0-snapshot.3
v1.14.0-snapshot.4
v1.14.0-snapshot.5
v1.15.0-pre.0
v1.15.0-pre.1
v1.15.0-pre.2
v1.15.0-pre.3
v1.16.0-pre.0
v1.16.0-pre.1
v1.16.0-pre.2
v1.16.0-pre.3
v1.16.0-rc.0
v1.17.0
v1.17.0-pre.0
v1.17.0-pre.1
v1.17.0-pre.2
v1.17.0-pre.3
v1.17.0-rc.0
v1.17.0-rc.1
v1.17.0-rc.2
v1.17.1
v1.17.10
v1.17.11
v1.17.12
v1.17.13
v1.17.14
v1.17.15
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.17.7
v1.17.8
v1.17.9
v1.18.2
v1.18.3
v1.18.4
v1.18.5
v1.18.6
v1.18.7
v1.18.8
v1.18.9
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.3.0-rc1
v1.5.0-rc1
v1.5.0-rc2
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.7.0-rc1
v1.7.0-rc2
v1.8.0-rc1
v1.9.0-rc0
v1.9.0-rc1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53935.json"