CVE-2026-41520 Overview
Cilium is a networking, observability, and security solution built on an eBPF-based dataplane for Kubernetes environments. CVE-2026-41520 is an information disclosure vulnerability [CWE-200] in the cilium-bugtool diagnostic utility. When operators run cilium-bugtool against a Cilium deployment configured with WireGuard transparent encryption, the generated diagnostic archive includes sensitive data that should remain protected. The issue affects Cilium versions prior to 1.17.15, 1.18.9, and 1.19.3. Maintainers have released patched builds in each of those versions.
Critical Impact
An attacker with access to a cilium-bugtool archive collected from a WireGuard-enabled cluster can retrieve sensitive cryptographic material, undermining the confidentiality and integrity guarantees of pod-to-pod encryption.
Affected Products
- Cilium versions prior to 1.17.15
- Cilium versions prior to 1.18.9 in the 1.18.x branch
- Cilium versions prior to 1.19.3 in the 1.19.x branch
Discovery Timeline
- 2026-05-08 - CVE-2026-41520 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-41520
Vulnerability Analysis
The cilium-bugtool utility collects diagnostic state from a running Cilium agent to help operators troubleshoot networking and policy issues. The tool gathers configuration files, runtime state, and command output, then packages them into an archive for offline analysis or vendor support. On clusters where WireGuard transparent encryption is enabled, this collection routine captures data that should not leave the node in cleartext. The result is that the archive contains sensitive material associated with the WireGuard configuration of the cluster. Any user who can read the archive inherits access to that material, regardless of the Kubernetes RBAC controls applied to the live cluster.
Root Cause
The root cause is an information exposure flaw in the diagnostic collection logic. cilium-bugtool does not redact or omit WireGuard-related state when assembling its output. The CWE-200 classification reflects the exposure of information to an actor not explicitly authorized to access it.
Attack Vector
Exploitation requires local access to a node and high privileges, since the actor must be able to run cilium-bugtool or read its output. The CVSS scope is changed because compromised key material lets an attacker decrypt or impersonate traffic on the cluster's encrypted overlay. A common abuse path is the unintentional sharing of bugtool archives with support engineers, ticketing systems, or shared storage that has broader access than the cluster itself. The vulnerability has no public proof-of-concept and is not listed in CISA KEV.
The collection behavior is described in the project's release notes for 1.17.15, 1.18.9, and 1.19.3, and in GitHub Security Advisory GHSA-gj49-89wh-h4gj.
Detection Methods for CVE-2026-41520
Indicators of Compromise
- Presence of cilium-bugtool archive files (typically cilium-bugtool-*.tar or .tar.gz) on nodes, jump hosts, or shared storage outside the cluster boundary.
- Audit log entries showing cilium-bugtool execution on agents where WireGuard encryption is enabled.
- Bugtool archives attached to support tickets, chat threads, or ticketing systems accessible to users without cluster admin rights.
Detection Strategies
- Inventory all Cilium agent pods and confirm the running version against the patched releases 1.17.15, 1.18.9, and 1.19.3.
- Search node filesystems and operator workstations for historical cilium-bugtool archives generated while WireGuard was enabled.
- Review Kubernetes audit logs for exec calls into cilium-agent containers that invoke cilium-bugtool.
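As an added example that is not part of this advisory or the Cilium project, the following Python script turns the pod/image lines printed by the kubectl command under Workarounds into a list of agents still running an affected build; it assumes each image ref carries a semver tag (v1.18.7 style, optionally with an @sha256 digest) and that branches newer than 1.19 ship with the fix.

```python
"""Triage Cilium agent images for CVE-2026-41520 (added example, not project code).
Input: "<pod><TAB><image>" lines as printed by the kubectl command in the
Workarounds section. Assumes the image ref carries a semver tag such as v1.18.7
(optionally followed by an @sha256 digest) and that branches after 1.19 ship fixed.
"""
import re

# Fixed releases from the advisory: lower patch levels on the same minor are
# affected, and everything before 1.17.15 (e.g. 1.16.x) is affected as well.
FIXED_PATCH = {(1, 17): 15, (1, 18): 9, (1, 19): 3}
OLDEST_FIXED = (1, 17, 15)

_TAG_RE = re.compile(r":v?(\d+)\.(\d+)\.(\d+)")

def parse_version(image: str) -> tuple:
    """Return (major, minor, patch) from e.g. quay.io/cilium/cilium:v1.18.7@sha256:..."""
    m = _TAG_RE.search(image)
    if m is None:
        raise ValueError(f"no semver tag in image ref: {image!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version: tuple) -> bool:
    """True if this (major, minor, patch) predates the fixed release for its branch."""
    major, minor, patch = version
    if (major, minor) in FIXED_PATCH:
        return patch < FIXED_PATCH[(major, minor)]
    return version < OLDEST_FIXED  # 1.16.x and older: affected; assumed fixed beyond 1.19

def triage(lines) -> dict:
    """Map pod name -> image for every agent still on an affected build."""
    affected = {}
    for line in lines:
        if not line.strip():
            continue
        pod, image = line.rstrip("\n").split("\t", 1)
        if is_affected(parse_version(image)):
            affected[pod] = image
    return affected

# Constructed sample output of the kubectl command (not from a real cluster).
SAMPLE_LINES = [
    "cilium-4k2ln\tquay.io/cilium/cilium:v1.18.7@sha256:0000000000000000",
    "cilium-9xq7p\tquay.io/cilium/cilium:v1.18.9@sha256:1111111111111111",
    "cilium-b7m3c\tquay.io/cilium/cilium:v1.16.20",
]

if __name__ == "__main__":
    for pod, image in triage(SAMPLE_LINES).items():
        print(f"AFFECTED {pod} {image}")
```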
Monitoring Recommendations
- Alert on creation or transfer of cilium-bugtool archives from production clusters to external destinations.
- Track Cilium version drift across clusters and flag agents still running affected versions.
- Monitor access to file shares, object storage buckets, and ticketing attachments that may contain prior diagnostic bundles.
How to Mitigate CVE-2026-41520
Immediate Actions Required
- Upgrade Cilium to 1.17.15, 1.18.9, or 1.19.3 depending on the deployed minor version.
- Locate and securely delete any cilium-bugtool archives collected from WireGuard-enabled clusters on unpatched versions.
- Rotate WireGuard keys for affected clusters after upgrading, on the assumption that prior diagnostic bundles may have exposed key material.
- Restrict who can execute cilium-bugtool and who can retrieve its output to cluster administrators.
Patch Information
The maintainers fixed the issue in Cilium v1.17.15, Cilium v1.18.9, and Cilium v1.19.3. Operators on older branches should upgrade to one of these supported releases. Helm-based deployments should update the chart version and roll the cilium-agent DaemonSet.
Workarounds
- Avoid running cilium-bugtool on WireGuard-enabled clusters until the upgrade is complete.
- If diagnostics are required before patching, redact WireGuard-related files from the archive before sharing it outside the trust boundary of the cluster.
- Store any required bugtool output on encrypted volumes with access limited to cluster administrators.
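As an added example (not Cilium's own tooling) for the redaction workaround above, this Python script rebuilds a bugtool archive without the members whose paths look WireGuard-related; the advisory does not name those paths, so the SENSITIVE_MEMBER pattern is an assumption to be checked against a listing of your own archive.

```python
"""Redact WireGuard-related members from a cilium-bugtool archive (added example,
not Cilium's own tooling). The advisory does not name the member paths that hold
WireGuard state, so SENSITIVE_MEMBER is an assumption to verify with `tar tf`."""
import io
import re
import tarfile

# Assumed naming: any path mentioning "wireguard", or a path component that
# starts with "wg" (e.g. saved `wg show` output). Case-insensitive.
SENSITIVE_MEMBER = re.compile(r"wireguard|(?:^|[/_.-])wg(?:[/_.-]|$)", re.IGNORECASE)

def is_sensitive(member_name: str) -> bool:
    return SENSITIVE_MEMBER.search(member_name) is not None

def redact_archive(data: bytes) -> tuple:
    """Return (redacted_tar_gz_bytes, dropped_member_names) for a tar or tar.gz."""
    out = io.BytesIO()
    dropped = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tin, \
            tarfile.open(fileobj=out, mode="w:gz") as tout:
        for member in tin:
            if is_sensitive(member.name):
                dropped.append(member.name)
                continue
            # Regular files carry content; directories and symlinks are header-only.
            fobj = tin.extractfile(member) if member.isfile() else None
            tout.addfile(member, fobj)
    return out.getvalue(), dropped

def list_members(data: bytes) -> list:
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        return tar.getnames()

def build_sample_archive() -> bytes:
    """Constructed stand-in for a bugtool bundle; names and contents are placeholders."""
    members = {
        "cilium-bugtool-sample/cmd/cilium-status.md": b"KVStore: Ok\n",
        "cilium-bugtool-sample/cmd/wg-show.md": b"interface: placeholder\n",
        "cilium-bugtool-sample/conf/wireguard-keys.md": b"PLACEHOLDER-KEY\n",
        "cilium-bugtool-sample/logs/cilium-agent.log": b"level=info msg=ok\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()
```

Because the filter is path-based, grep the kept members for key material and inspect any embedded command output before the archive leaves the cluster's trust boundary.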
# Verify Cilium agent versions across the cluster
kubectl -n kube-system get pods -l k8s-app=cilium \
-o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.containers[0].image}{"\n"}{end}'
# Upgrade via Helm to a patched release (use 1.17.15 or 1.18.9 to stay on the 1.17.x or 1.18.x branch)
helm upgrade cilium cilium/cilium \
--namespace kube-system \
--version 1.19.3 \
--reuse-values
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.