CNNVD-202602-932 Information

CNNVD ID

CNNVD-202602-932

Related CVE

CVE-2026-25804

• CNNVD Published: 2026-02-06

Description (Chinese)

Antrea是antrea.io开源的一个Kubernetes网络配置软件。 Antrea 2.3.2之前版本和2.4.3之前版本存在安全漏洞，该漏洞源于网络策略优先级分配系统存在uint16算术溢出错误，可能导致流量强制执行不正确。

Description (English)

Antrea is a Kubernetes network configuration software from antrea.io open source. There is a security loophole in the pre-Antrea 2.3.2 and pre-2.4.3 versions, which stems from the uint16 arithmetic error in the network strategy priority distribution system, which may lead to incorrect traffic enforcement.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

antrea.io

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c23d7186fa https://github.com/antrea-io/antrea/pull/7496 https://github.com/antrea-io/antrea/security/advisories/GHSA-86x4-wp9f-wrr9 https://access.redhat.com/security/cve/cve-2026-25804

Patch

https://antrea.io/