CVE-2026-49445 Overview
CVE-2026-49445 is an insecure permissions vulnerability [CWE-732] in Cilium, an open-source networking, observability, and security solution for Kubernetes. When Cilium Layer 7 (L7) functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock UNIX domain socket on cluster nodes. A local attacker on the node can access Envoy administrative endpoints, extract TLS secrets, disrupt cluster traffic, or terminate the Envoy process. The issue affects Cilium versions prior to 1.17.14, 1.18.8, and 1.19.2.
Critical Impact
Local users on Cilium cluster nodes can read TLS secrets from Envoy admin endpoints and disrupt or terminate cluster L7 traffic processing.
Affected Products
- Cilium versions prior to 1.17.14
- Cilium versions prior to 1.18.8
- Cilium versions prior to 1.19.2 (embedded and standalone Envoy deployments)
Discovery Timeline
- 2026-07-15 - CVE-2026-49445 published to NVD
- 2026-07-15 - Last updated in NVD database
Technical Details for CVE-2026-49445
Vulnerability Analysis
Cilium relies on Envoy to enforce L7 network policies, TLS termination, and observability for HTTP, gRPC, and Kafka traffic. Envoy exposes an admin interface via a UNIX domain socket at the path defined by config.adminPath. In affected versions, Cilium creates this socket without restricting file mode permissions, resulting in world read/write access on the node filesystem.
Any local user or compromised container with a hostPath mount to the socket directory can connect to admin.sock and issue administrative commands. The Envoy admin interface exposes runtime configuration, certificate material via the /certs endpoint, cluster statistics, and lifecycle controls including /quitquitquit.
Root Cause
The vulnerability stems from missing socket permission enforcement in Cilium's Envoy bootstrap logic. The Pipe configuration in pkg/envoy/embedded_envoy.go created the admin socket without specifying a Mode field, causing Envoy to fall back to default permissions that allow world access.
Attack Vector
Exploitation requires local access to a Cilium-managed node. An attacker with shell access, a compromised pod with an appropriate hostPath volume, or code execution as any local user can connect to the socket and issue HTTP requests to Envoy administrative endpoints. No authentication is required once the socket is reachable.
// Security patch in pkg/envoy/embedded_envoy.go
// envoy: remove world access to admin socket
Admin: &envoy_config_bootstrap.Admin{
Address: &envoy_config_core.Address{
Address: &envoy_config_core.Address_Pipe{
- Pipe: &envoy_config_core.Pipe{Path: config.adminPath},
+ Pipe: &envoy_config_core.Pipe{Path: config.adminPath, Mode: 0660},
},
},
},
Source: Cilium commit 7bfbdd5c. The fix sets the socket mode to 0660, restricting access to the owner and group.
Detection Methods for CVE-2026-49445
Indicators of Compromise
- Unexpected connections to the Envoy admin.sock file from processes outside the Cilium agent or Envoy proxy.
- Access to Envoy admin endpoints such as /certs, /config_dump, /clusters, or /quitquitquit from local processes.
- Unexpected Envoy process restarts or termination events on cluster nodes.
- TLS certificate or private key material appearing in process memory dumps or logs of non-Cilium workloads.
Detection Strategies
- Audit file permissions of the Envoy admin socket on all Cilium nodes and alert when the mode is not 0660 or stricter.
- Monitor execve and connect syscalls targeting the admin socket path using eBPF-based runtime tooling or auditd.
- Review pod specifications for hostPath mounts that expose the Cilium runtime directory to workloads.
Monitoring Recommendations
- Log and alert on all HTTP requests reaching the Envoy admin listener, correlating client PID and container identity.
- Track Envoy lifecycle events, including unexpected reloads or shutdowns, through the Cilium agent metrics endpoint.
- Enforce Kubernetes admission policies that deny hostPath mounts referencing Cilium socket directories.
How to Mitigate CVE-2026-49445
Immediate Actions Required
- Upgrade Cilium to 1.17.14, 1.18.8, or 1.19.2 on all clusters where L7 functionality is enabled.
- Inventory nodes running affected versions and prioritize clusters that terminate TLS via Cilium L7 policies.
- Rotate any TLS secrets and private keys managed by Envoy in case they were exposed prior to patching.
Patch Information
The fix is available in Cilium releases v1.17.14, v1.18.8, and v1.19.2. Details are documented in GHSA-3fcv-jvfp-m4q9 and implemented in pull request #44512.
Workarounds
- Restrict node-level shell access and enforce Pod Security Standards to prevent hostPath mounts of Cilium runtime directories.
- Apply node-local file permission hardening to set the Envoy admin socket mode to 0660 until patching completes.
- Disable Cilium L7 policy enforcement on affected clusters if it is not required, which prevents Envoy from starting.
# Verify Cilium version and inspect admin socket permissions on a node
kubectl -n kube-system exec ds/cilium -- cilium version
kubectl -n kube-system exec ds/cilium -- \
find /var/run/cilium/envoy -name 'admin.sock' -exec stat -c '%a %n' {} \;
# Expected mode after patch: 660
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

