Affected by GO-2024-3290
and 6 other vulnerabilities
GO-2024-3290: Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges in github.com/cilium/cilium
GO-2025-3415: DoS in Cilium agent DNS proxy from crafted DNS responses in github.com/cilium/cilium
GO-2025-3416: Cilium has an information leakage via insecure default Hubble UI CORS header in github.com/cilium/cilium
GO-2025-3560: Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium
GO-2025-3561: Cilium node based network policies may incorrectly allow workload traffic in github.com/cilium/cilium
GO-2025-3635: In Cilium, packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters in github.com/cilium/cilium
GO-2025-4167: Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic in Ciliumgithub.com/cilium/cilium
var Cell = cell.Module(
"network-policy-validator",
"Validates CNPs and CCNPs and reports their validity status",
cell.Config(defaultConfig),
cell.Invoke(registerPolicyValidator),
)
Affected by 
Documentation
¶
Source Files