Incorrect Authorization Affecting cilium-fips-1.19-operator-aws package, versions <1.19.4-r0


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Threat Intelligence

EPSS
0.34% (27th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-MINIMOSLATEST-CILIUMFIPS119OPERATORAWS-17882404
  • published8 Jul 2026
  • disclosed7 Jul 2026

Introduced: 7 Jul 2026

NewCVE-2026-53935  (opens in a new tab)
CWE-863  (opens in a new tab)

How to fix?

Upgrade Minimos:latest cilium-fips-1.19-operator-aws to version 1.19.4-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream cilium-fips-1.19-operator-aws package and not the cilium-fips-1.19-operator-aws package as distributed by Minimos. See How to fix? for Minimos:latest relevant fixed versions and status.

Cilium is a networking, observability, and security solution. Prior to 1.17.16, from 1.18.2 to 1.18.9, and from 1.19.0 to 1.19.3, users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, enabling hijacking traffic to Services in any namespace and bypassing namespace scoping enforced by serviceMatcher; deleting such a policy can also corrupt Cilium internal service state and stop service translation for the affected Service. This issue is fixed in versions 1.17.16, 1.18.10, and 1.19.4.