CVE-2026-41520
Cilium exposes sensitive information included in the cilium-bugtool debug archive
CVSS 3.1: 7.9 HIGH
EPSS: 0.01%
Description
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.
How to fix CVE-2026-41520
To remediate CVE-2026-41520, upgrade the affected package to a fixed version below.
- Upgrade to 1.17.15 or later
Is CVE-2026-41520 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- from 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- from 0, < 1.17.15, >= 1.18.0, < 1.18.9, >= 1.19.0, < 1.19.3
- from 0, < 1.17.15
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.9 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N |