CVE-2026-33726: Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic
Ingress Network Policies are not enforced for traffic from pods to L7 Services (Envoy, GAMMA) with a local backend on the same node, when Per-Endpoint Routing is enabled and BPF Host Routing is disabled.
Per-Endpoint Routing is disabled by default, but is automatically enabled in deployments using cloud IPAM, including Cilium ENI on EKS (eni.enabled), AlibabaCloud ENI (alibabacloud.enabled), Azure IPAM (azure.enabled, but not AKS BYOCNI), and some GKE deployments (gke.enabled; managed offerings such as GKE Dataplane V2 may use different defaults). It is typically not enabled in tunneled deployments, and chaining deployments are not affected. In practice, Amazon EKS with Cilium ENI mode is likely the most common affected environment.
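A defender's first question is whether a given cluster is in the affected routing configuration at all. The following POSIX shell script is an added example, not part of the advisory and not Cilium project code: it reads a key/value dump of the `cilium-config` ConfigMap and reports whether Per-Endpoint Routing is on while BPF Host Routing is off. The key names it looks for (`enable-endpoint-routes`, `enable-host-legacy-routing`, `ipam`) are Cilium agent option names assumed here; they do not appear in the advisory text. Because the advisory states that cloud IPAM enables Per-Endpoint Routing automatically, the check also treats `ipam=eni`, `ipam=azure` and `ipam=alibabacloud` as Per-Endpoint Routing on, even when the explicit key is absent from the dump.

```shell
#!/bin/sh
# Added example (not part of the advisory or of the Cilium project): decide from a
# cilium-config key/value dump whether the routing combination named in
# CVE-2026-33726 is present. Assumed key names, taken from Cilium's agent options
# rather than from the advisory: enable-endpoint-routes (Per-Endpoint Routing),
# enable-host-legacy-routing (true means BPF Host Routing is off) and ipam.

# Dump the live ConfigMap as key=value lines. Assumes kubectl access to
# kube-system; it is not executed by the sample run at the bottom of this file.
dump_cilium_config() {
  kubectl -n kube-system get configmap cilium-config \
    -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'
}

# Read "key=value" or "key<whitespace>value" lines on stdin. Returns 0 and prints
# AFFECTED when Per-Endpoint Routing is on and BPF Host Routing is off; otherwise
# prints the observed values and returns 1. Cloud IPAM modes (eni, azure,
# alibabacloud) count as Per-Endpoint Routing on, because the advisory says the
# agent enables it automatically there even if the key is missing from the dump.
assess_cilium_config() {
  er=""; lr=""; ipam=""; er_source="explicit key"
  while IFS=" =$(printf '\t')" read -r key value _ || [ -n "$key" ]; do
    case $key in
      enable-endpoint-routes)     er=$value ;;
      enable-host-legacy-routing) lr=$value ;;
      ipam)                       ipam=$value ;;
    esac
  done
  case $ipam in
    eni|azure|alibabacloud) er=true; er_source="implied by ipam=$ipam" ;;
  esac
  if [ "$er" = true ] && [ "$lr" = true ]; then
    echo "AFFECTED: Per-Endpoint Routing on ($er_source), BPF Host Routing off"
    return 0
  fi
  echo "NOT AFFECTED by the routing precondition: enable-endpoint-routes=${er:-unset}, enable-host-legacy-routing=${lr:-unset}"
  return 1
}

# Constructed sample (not captured from a real cluster) resembling an EKS
# ENI-mode install: no explicit endpoint-routes key, cloud IPAM, legacy routing.
SAMPLE_CONFIG='ipam=eni
enable-host-legacy-routing=true
enable-l7-proxy=true'

printf '%s\n' "$SAMPLE_CONFIG" | assess_cilium_config || true
```

On a live cluster, pipe `dump_cilium_config` into `assess_cilium_config`. Two caveats: the ConfigMap records intent, not effect, so a node whose kernel lacks BPF host routing support falls back to legacy routing without the key saying so; the `cilium status` output inside the agent pod reports the effective host-routing mode and is the authoritative cross-check. The script also covers only the routing precondition; whether an L7 service (Envoy, GAMMA) with a same-node backend exists is a separate question answered by inspecting the cluster's Envoy configuration and routes, and the fix referenced in the advisory (cilium/cilium PR 44693) is the mitigation regardless of what this check reports.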
References
- docs.cilium.io/en/stable/network/concepts/routing/
- docs.cilium.io/en/stable/network/kubernetes/policy/
- docs.cilium.io/en/stable/network/servicemesh/l7-traffic-management
- docs.cilium.io/en/stable/operations/performance/tuning/
- github.com/advisories/GHSA-hxv8-4j4r-cqgv
- github.com/cilium/cilium
- github.com/cilium/cilium/pull/44693
- github.com/cilium/cilium/security/advisories/GHSA-hxv8-4j4r-cqgv
- nvd.nist.gov/vuln/detail/CVE-2026-33726