{"id":"CVE-2026-41520","summary":"Cillium exposes sensitive information included in the cilium-bugtool debug archive","details":"Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been patched in versions 1.17.15, 1.18.9, and 1.19.3.","aliases":["BIT-cilium-2026-41520","BIT-cilium-operator-2026-41520","BIT-hubble-relay-2026-41520","GHSA-gj49-89wh-h4gj","GO-2026-5400"],"modified":"2026-07-08T07:28:28.173865840Z","published":"2026-05-08T22:01:08.394Z","related":["CGA-9w67-36wp-c3p2"],"database_specific":{"cwe_ids":["CWE-200","CWE-312"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41520.json"},"references":[{"type":"WEB","url":"https://github.com/cilium/cilium/releases/tag/v1.17.15"},{"type":"WEB","url":"https://github.com/cilium/cilium/releases/tag/v1.18.9"},{"type":"WEB","url":"https://github.com/cilium/cilium/releases/tag/v1.19.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41520.json"},{"type":"ADVISORY","url":"https://github.com/cilium/cilium/security/advisories/GHSA-gj49-89wh-h4gj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41520"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cilium/cilium","events":[{"introduced":"0"},{"fixed":"4206eaa53006115b8a52cbab6394c78f06ebcf6a"},{"introduced":"274205f001bb24b89d19f0fe7c3fb3aca20030c2"},{"fixed":"c4898256570989a353f65304446e02da9aaa812f"},{"introduced":"7c6667e1e707d7f39a4af3409c2a9ebea2917d32"},{"fixed":"f5eb641b18502ebeca412b40c1bec7ff3d8bf9eb"}],"database_specific":{"cpe":"cpe:2.3:a:cilium:cilium:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"1.17.15"},{"introduced":"1.18.0"},{"fixed":"1.18.9"},{"introduced":"1.19.0"},{"fixed":"1.19.3"}]}}],"versions":["v1.17.14","1.17.14","v1.19.2","1.19.2","v1.18.8","1.18.8","v1.19.1","1.19.1","v1.17.13","1.17.13","v1.18.7","1.18.7","v1.19.0","1.19.0","v1.18.6","1.18.6","v1.17.12","1.17.12","v1.18.5","1.18.5","v1.17.11","1.17.11","v1.18.4","1.18.4","v1.17.10","1.17.10","v1.18.3","1.18.3","v1.17.9","1.17.9","v1.17.8","1.17.8","v1.18.2","1.18.2","v1.18.1","1.18.1","v1.17.7","1.17.7","v1.18.0","1.18.0","v1.17.6","1.17.6","v1.17.5","1.17.5","v1.17.4","1.17.4","v1.17.3","1.17.3","v1.17.2","1.17.2","v1.17.1","1.17.1","v1.17.0","1.17.0","v1.17.0-rc.2","1.17.0-rc.2","v1.17.0-rc.1","1.17.0-rc.1","v1.17.0-rc.0","1.17.0-rc.0","v1.17.0-pre.3","1.17.0-pre.3","v1.17.0-pre.2","1.17.0-pre.2","v1.17.0-pre.1","1.17.0-pre.1","v1.17.0-pre.0","1.17.0-pre.0","v1.16.0-rc.0","1.16.0-rc.0","v1.16.0-pre.3","1.16.0-pre.3","v1.16.0-pre.2","1.16.0-pre.2","v1.16.0-pre.1","1.16.0-pre.1","v1.16.0-pre.0","1.16.0-pre.0","v1.15.0-pre.3","1.15.0-pre.3","v1.15.0-pre.2","1.15.0-pre.2","v1.15.0-pre.1","1.15.0-pre.1","v1.15.0-pre.0","1.15.0-pre.0","v1.14.0-snapshot.5","v1.14.0-rc.0","1.14.0-rc.0","v1.14.0-snapshot.4","1.14.0-snapshot.4","v1.14.0-snapshot.3","1.14.0-snapshot.3","v1.14.0-snapshot.2","v1.14.0-pre.2","1.14.0-snapshot.2","1.14.0-pre.2","v1.14.0-snapshot.1","1.14.0-snapshot.1","v1.14.0-snapshot.0","1.14.0-snapshot.0","v1.13.0-rc3","1.13.0-rc3","v1.13.0-rc2","1.13.0-rc2","v1.13.0-rc1","1.13.0-rc1","v1.13.0-rc0","1.13.0-rc0","v1.12.0-rc2","1.12.0-rc2","v1.12.0-rc1","1.12.0-rc1","v1.12.0-rc0","1.12.0-rc0","v1.11.0-rc2","1.11.0-rc2","v1.11.0-rc1","1.11.0-rc1","v1.11.0-rc0","1.11.0-rc0","v1.10.0-rc0","1.10.0-rc0","v1.9.0-rc1","1.9.0-rc1","v1.9.0-rc0","1.9.0-rc0","v1.8.0-rc1","1.8.0-rc1","v1.7.0-rc2","v1.7.0-rc1","v1.6.0-rc3","v1.6.0-rc2","v1.6.0-rc1","v1.5.0-rc2","1.5.0-rc2","v1.5.0-rc1","v1.3.0-rc1","v0.13.25","v0.13.22","v0.13.21","v1.0.0-rc9","v0.13.20","v0.13.19","v0.13.18","v0.13.17","v0.13.16","v0.13.15","v1.0.0-rc8","v0.13.14","v1.0.0-rc7","v1.0.0-rc6","v0.13.10","v0.13.8","v1.0.0-rc5","v0.13.6","v0.13.5","v1.0.0-rc4","v0.13.4","v0.13.2","v0.13.1","v1.0.0-rc1","v0.10.0","v0.9.0-rc1","v0.8.2","v0.8.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41520.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N"}]}