CVE Catalog

CVE-2026-10722

LowCVSS 3.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability has been found in cilium ebpf up to version 0.21.0, affecting the loadRawSpec function in the btf/btf.go file. Manipulation of the argument offset leads to integer overflow.

Risk Assessment

The attack can only be performed from a local environment, which limits its scope, but the disclosed vulnerability may be exploited by third parties.

Recommendation

It is recommended to apply the patch named 533dfc82fd228bfadf42ea7180c39de7d9af47fa to remediate this issue.

Original NVD description (English source)

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS