Affected by GO-2025-4167
and 4 other vulnerabilities
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
GO-2026-4856: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
GO-2026-5400: Cillium exposes sensitive information included in the cilium-bugtool debug archive in github.com/cilium/cilium
GO-2026-5905: Cilium vulnerable to sensitive information disclosure and cluster disruption via local Envoy admin socket access in github.com/cilium/cilium
GO-2026-5914: CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation in github.com/cilium/cilium
RemoveAll removes all cidrs specified in 'toRemove' from 'ipNets'. ipNets
is clobbered (to ensure removed CIDRs can be garbage collected) and
must not be used after this function has been called.
Example usage: