
CVE-2026-41520 - Cilium bugtool WireGuard private key disclosure

Cilium deployments that use WireGuard transparent encryption can leak node encryption material into cilium-bugtool output, and therefore into the Cilium CLI's cilium sysdump archives, which bundle the bugtool output of every agent. The sensitive file is the WireGuard private key cilium_wg0.key, which the node uses for node-to-node encrypted communication.

The bugtool path is normally operator-invoked, not part of steady-state Cilium traffic processing. The practical risk appears when a team collects sysdumps from WireGuard-enabled nodes and then uploads those archives into support tickets, CI artifacts, chat, object storage, incident workspaces, vendor portals, or long-lived evidence stores. In those cases, the remediation is a cluster upgrade plus evidence handling: old debug archives may need purging and WireGuard keys may need rotation.

This matters to SecurityRecipes because debug archives are context. A secure context layer cannot treat troubleshooting bundles as harmless logs when they can contain private keys, tokens, or other live control-plane material.

Affected versions

  • Vulnerable: Cilium <1.17.15
  • Fixed: Cilium 1.17.15+ on the 1.17 line
  • Vulnerable: Cilium >=1.18.0, <1.18.9
  • Fixed: Cilium 1.18.9+ on the 1.18 line
  • Vulnerable: Cilium >=1.19.0, <1.19.3
  • Fixed: Cilium 1.19.3+ on the 1.19 line
  • Highest-risk condition: WireGuard transparent encryption is enabled and bugtool or sysdump archives have been shared outside tightly controlled operator custody.

Indicator-of-exposure

  • The repository deploys or configures Cilium through Helm, Cilium CLI, Kustomize, raw Kubernetes manifests, Terraform, Flux, Argo CD, Cluster API, platform bootstrap scripts, images, or SBOMs.
  • A controlled target resolves to Cilium <1.17.15, >=1.18.0, <1.18.9, or >=1.19.0, <1.19.3.
  • WireGuard is enabled with Helm values such as encryption.enabled=true and encryption.type=wireguard, or with ConfigMap settings such as enable-wireguard: true.
  • Runbooks, scripts, CI jobs, support workflows, or incident procedures invoke cilium-bugtool, cilium sysdump, cilium-dbg, or archive collection from Cilium pods.
  • Prior bugtool or sysdump archives were uploaded to issue trackers, support cases, object storage, CI artifacts, shared folders, chat, vendor portals, or long-retention evidence systems.

Quick checks:

rg -n "cilium|quay\\.io/cilium/cilium|cilium/cilium|encryption\\.enabled|encryption\\.type|enable-wireguard|wireguard|cilium-bugtool|cilium sysdump|sysdump|cilium_wg0\\.key" .
rg -n "cilium-bugtool|cilium sysdump|sysdump|bugtool|support bundle|debug archive|artifact retention|evidence store" docs runbooks scripts .github deploy k8s helm terraform 2>/dev/null
helm list -A | grep -Ei 'cilium'
kubectl -n kube-system get ds,deploy,pods -l k8s-app=cilium -o wide
kubectl -n kube-system get cm cilium-config -o yaml | grep -Ei 'enable-wireguard|encryption'
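The version ranges and WireGuard indicators above, turned into one script that can be run over what the quick checks pull back: rendered manifests or Chart.lock for image references and chart versions, and the cilium-config ConfigMap for the WireGuard flag. This is an added example written for this page, not Cilium or Cilium CLI code. The manifest and ConfigMap excerpts inside it are constructed samples, the image regex only covers the cilium/cilium and quay.io/cilium/cilium reference forms, and digest-only pins are reported as unresolved rather than assumed safe.

```python
"""Classify resolved Cilium versions against the CVE-2026-41520 ranges.

Added example for this page, not Cilium project code. Inputs are the strings
the quick checks surface: image references from rendered manifests, chart
versions from Chart.lock or Helm values, and the cilium-config ConfigMap.
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per affected minor line, per the ranges on this page.
# Anything below 1.17 falls under "<1.17.15" and is vulnerable.
FIRST_FIXED = {
    (1, 17): (1, 17, 15),
    (1, 18): (1, 18, 9),
    (1, 19): (1, 19, 3),
}

_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")
# Image references in rendered YAML: quoted or bare, tag and/or digest.
_IMAGE_RE = re.compile(r"(?:quay\.io/)?cilium/cilium[:@][^\s'\"]+")
# cilium-config stores values as strings, so accept quoted and bare true.
_WG_RE = re.compile(r'^\s*enable-wireguard:\s*"?true"?\s*$', re.MULTILINE)


def parse_version(ref: str) -> Optional[Version]:
    """Pull MAJOR.MINOR.PATCH out of a tag, chart version or image reference.

    Returns None for digest-only or floating tags so the caller treats them
    as unresolved instead of silently safe.
    """
    tag_part = ref.split("@", 1)[0]          # strip @sha256:... digests
    tail = tag_part.rsplit("/", 1)[-1]       # "cilium:v1.18.8" or "1.18.8"
    m = _VERSION_RE.search(tail)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(ref: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unresolved' for one reference."""
    v = parse_version(ref)
    if v is None:
        return "unresolved"
    major_minor = v[:2]
    if major_minor < (1, 17):
        return "vulnerable"
    fixed = FIRST_FIXED.get(major_minor)
    if fixed is None:
        return "fixed"            # 1.20+ is outside the published ranges
    return "vulnerable" if v < fixed else "fixed"


def scan_manifest(text: str) -> List[Tuple[str, str]]:
    """Classify every Cilium image reference found in rendered YAML."""
    return [(m.group(0), classify(m.group(0))) for m in _IMAGE_RE.finditer(text)]


def wireguard_enabled(configmap_yaml: str) -> bool:
    """True when the cilium-config ConfigMap turns WireGuard on."""
    return _WG_RE.search(configmap_yaml) is not None


def exposed(manifest: str, configmap_yaml: str) -> bool:
    """A build in (or not provably outside) the vulnerable ranges running with
    WireGuard on: any bugtool run on such a node captured cilium_wg0.key."""
    refs = scan_manifest(manifest)
    return wireguard_enabled(configmap_yaml) and any(s != "fixed" for _, s in refs)


# Constructed samples standing in for `helm template` output and
# `kubectl get cm cilium-config -o yaml`; not taken from a real cluster.
SAMPLE_MANIFEST = """\
image: quay.io/cilium/cilium:v1.18.8@sha256:0123456789abcdef0123456789abcdef
image: "quay.io/cilium/cilium:v1.19.3"
image: cilium/cilium:v1.16.12
image: quay.io/cilium/cilium@sha256:fedcba9876543210fedcba9876543210
"""
SAMPLE_CONFIGMAP = """\
apiVersion: v1
kind: ConfigMap
data:
  enable-ipv4: "true"
  enable-wireguard: "true"
"""

if __name__ == "__main__":
    for ref, status in scan_manifest(SAMPLE_MANIFEST):
        print(f"{status:<11} {ref}")
    print("wireguard enabled:", wireguard_enabled(SAMPLE_CONFIGMAP))
    print("exposed:", exposed(SAMPLE_MANIFEST, SAMPLE_CONFIGMAP))
```

Feed it the output of `helm template` or `kustomize build` rather than the values file alone, so app-of-apps manifests and rendered digests are judged by what actually ships; an "unresolved" result means the pin has to be resolved by hand, not that the target is clean.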

Remediation strategy

  • Upgrade every controlled Cilium deployment to 1.17.15+, 1.18.9+, or 1.19.3+ on its supported release line. Prefer the latest supported patch release for the deployed minor line.
  • Regenerate Helm locks, rendered manifests, Kustomize output, image digests, SBOMs, GitOps bootstrap artifacts, and deployment evidence.
  • Treat existing Cilium bugtool/sysdump archives from WireGuard-enabled nodes as secret-bearing evidence until proven otherwise.
  • Purge or quarantine old archives that may contain cilium_wg0.key from support tickets, CI artifacts, object stores, shared folders, and vendor portals where this repository owns the process or policy.
  • Add a guardrail to support and incident workflows that blocks publication of Cilium debug archives containing cilium_wg0.key or other private-key material.
  • If affected archives were previously shared, coordinate WireGuard key rotation with the cluster owner. The GitHub advisory directs operators to delete the key file and restart the Cilium agent so a new key pair is generated; run that only through an approved cluster operation.
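The guardrail from the list above, written out as an added example for this page; it is not Cilium or Cilium CLI code. It assumes the archive shape the Cilium CLI produces, a sysdump .zip wrapping one cilium-bugtool .tar.gz per node, and descends into the nested tarball, which is exactly where a listing-only check on the zip would miss the key. The fixture builder stands in for a real sysdump: its member paths are made up and its "key" is a placeholder string. The content rules for PEM and kubeconfig key material go beyond the page's cilium_wg0.key check and are this example's own addition.

```python
"""Gate publication of Cilium debug archives on private-key material.

Added example for this page; not Cilium or Cilium CLI code. Assumes the
Cilium CLI layout of a sysdump .zip that wraps one cilium-bugtool .tar.gz
per node. Member paths inside the tarball are not assumed: only the file
name cilium_wg0.key and key-looking content are matched.
"""
import io
import re
import tarfile
import zipfile
from typing import List, Tuple

Finding = Tuple[str, str]  # (member path, reason)

SENSITIVE_NAMES = {"cilium_wg0.key"}
# Content rules: PEM private keys, kubeconfig embedded keys, wg-style dumps.
SENSITIVE_CONTENT = re.compile(
    rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"
    rb"|\bclient-key-data:"
    rb"|\bPrivateKey\s*[=:]"
)
HEAD_BYTES = 1 << 20  # inspect at most 1 MiB per member
NESTED_TAR = (".tar.gz", ".tgz", ".tar")


def _inspect(path: str, head: bytes) -> List[Finding]:
    """Apply the name rule and the content rule to one archive member."""
    hits: List[Finding] = []
    if path.rsplit("/", 1)[-1] in SENSITIVE_NAMES:
        hits.append((path, "sensitive file name"))
    m = SENSITIVE_CONTENT.search(head)
    if m:
        hits.append((path, "key material: " + m.group(0).decode("latin-1")))
    return hits


def scan_tar(data: bytes, prefix: str = "") -> List[Finding]:
    """Walk an in-memory bugtool tarball (any compression tarfile knows)."""
    hits: List[Finding] = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            fh = tar.extractfile(member)
            head = fh.read(HEAD_BYTES) if fh else b""
            hits.extend(_inspect(prefix + member.name, head))
    return hits


def scan_sysdump(data: bytes) -> List[Finding]:
    """Walk a sysdump zip and descend into each per-node bugtool tarball.

    A check that only lists the zip sees cilium-bugtool-*.tar.gz and nothing
    else; the key file lives one level down.
    """
    hits: List[Finding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            body = zf.read(info)
            if info.filename.endswith(NESTED_TAR):
                hits.extend(scan_tar(body, prefix=info.filename + "!/"))
            else:
                hits.extend(_inspect(info.filename, body[:HEAD_BYTES]))
    return hits


def publication_allowed(archive: bytes) -> bool:
    """CI gate: only an archive with no findings may leave operator custody."""
    return not scan_sysdump(archive)


def build_synthetic_sysdump(leaky: bool) -> bytes:
    """Construct a fixture sysdump in memory. Paths and contents are made up;
    the "key" is a placeholder string, never real material."""
    files = {
        "cilium-bugtool-node-a/cmd/cilium-dbg_status.md": b"Encryption: Wireguard\n",
        "cilium-bugtool-node-a/cmd/ip_addr.md": b"3: cilium_wg0: <POINTOPOINT,NOARP,UP>\n",
    }
    if leaky:
        files["cilium-bugtool-node-a/files/cilium_wg0.key"] = b"SYNTHETIC-PLACEHOLDER-NOT-A-KEY\n"
        files["cilium-bugtool-node-a/cmd/kubeconfig.md"] = (
            b"users:\n- name: admin\n  user:\n    client-key-data: U1lOVEhFVElD\n"
        )
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    zip_buf = io.BytesIO()
    with zipfile.ZipFile(zip_buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("cilium-sysdump-fixture/cilium-bugtool-node-a.tar.gz", tar_buf.getvalue())
        zf.writestr("cilium-sysdump-fixture/cilium-nodes.yaml", b"items: []\n")
    return zip_buf.getvalue()


if __name__ == "__main__":
    for path, reason in scan_sysdump(build_synthetic_sysdump(leaky=True)):
        print(f"BLOCK {path}: {reason}")
```

The fixture doubles as the synthetic test the prompt asks for: a CI job that runs `publication_allowed` on a sysdump before the upload step, and a unit test that asserts the leaky fixture is rejected, prove the gate works without ever handling a real archive or key.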

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-41520 (Cilium bugtool/sysdump WireGuard private
key disclosure). Produce exactly one output:

- A reviewer-ready PR/change request that upgrades Cilium, prevents future
  secret-bearing debug archive publication, adds verification, and documents
  operator cleanup, or
- TRIAGE.md if this repository does not own an affected Cilium deployment,
  sysdump workflow, or safe patch path.

## Rules

- Scope only CVE-2026-41520 / GHSA-gj49-89wh-h4gj and directly related Cilium
  debug-archive handling.
- Treat `cilium_wg0.key`, WireGuard private keys, kubeconfigs, service account
  tokens, cluster credentials, sysdump archives, bugtool archives, Cilium logs,
  Hubble credentials, and incident evidence as sensitive.
- Do not print, decode, upload, snapshot, commit, or attach real private keys
  or complete debug archives to the PR.
- Do not run `cilium sysdump` or `cilium-bugtool` against production or shared
  clusters unless this repository explicitly owns the approved operational
  runbook for that action.
- Do not rotate live cluster keys, delete node files, restart Cilium agents, or
  disrupt networking from an agent session unless an approved human operator
  action is already encoded in this repository.
- Do not disable WireGuard encryption as a remediation.
- Do not auto-merge.

## Steps

1. Inventory every Cilium asset controlled by this repository:
   Helm charts, `Chart.lock`, values files, Cilium CLI install commands,
   Kustomize overlays, raw manifests, Terraform, Flux/Argo CD applications,
   Cluster API/bootstrap scripts, image tags/digests, SBOMs, generated
   manifests, support runbooks, CI jobs, incident procedures, and artifact
   retention rules.
2. Determine every resolved Cilium version. A target is vulnerable if it
   resolves to:
   - `<1.17.15`;
   - `>=1.18.0, <1.18.9`;
   - `>=1.19.0, <1.19.3`.
3. Determine whether WireGuard is enabled in any controlled target:
   - Helm values `encryption.enabled=true` and `encryption.type=wireguard`;
   - ConfigMap setting `enable-wireguard: true`;
   - Cilium CLI install flags enabling WireGuard or node-to-node encryption;
   - rendered manifests or runtime inventory proving WireGuard use.
4. Search for debug archive generation and sharing paths:
   - `cilium-bugtool`;
   - `cilium sysdump`;
   - `cilium-dbg debuginfo`;
   - CI artifact upload/download steps;
   - support bundle collection;
   - incident evidence storage;
   - vendor-support upload instructions;
   - object-store or ticket-retention policies.
5. If this repository does not deploy Cilium and does not control Cilium debug
   archive handling, stop with `TRIAGE.md` naming the files checked, the likely
   runtime owner, the vulnerable version ranges, and the required fixed
   versions.
6. Upgrade Cilium to a fixed version using the repository's normal delivery
   mechanism. Regenerate locks, rendered manifests, image digests, SBOMs,
   GitOps app manifests, deployment evidence, and version inventory.
7. Add debug archive safeguards where this repository controls the workflow:
   - mark Cilium bugtool/sysdump archives as secret-bearing evidence;
   - block or fail artifact publication when an archive contains
     `cilium_wg0.key`, `PrivateKey`, or obvious kube credential material;
   - redact or remove the sensitive file before any archive leaves operator
     custody;
   - restrict retention and access for historical archives;
   - document approved handling for vendor support upload.
8. Add operator cleanup guidance named `CVE-2026-41520 operator actions` to the
   PR body or `TRIAGE.md`:
   - Cilium versions before and after the change;
   - whether WireGuard was enabled;
   - where bugtool or sysdump archives may have been stored;
   - which tickets, CI artifacts, object stores, shared drives, or vendor cases
     should be searched for old Cilium archives;
   - whether `cilium_wg0.key` may have left operator custody;
   - whether WireGuard key rotation is required, and which human owner must
     approve deleting key files and restarting Cilium agents;
   - which audit, support, and artifact-retention logs should be reviewed.
9. Add safe verification:
   - static version checks proving no controlled target resolves to a
     vulnerable Cilium version;
   - Helm/Kustomize/Terraform/render checks for upgraded manifests;
   - SBOM or dependency scan output when available;
   - a synthetic archive fixture test that proves `cilium_wg0.key` is detected
     or rejected without using real cluster material;
   - secret-scan checks proving no private key or complete sysdump was
     committed.
10. Run the relevant validation: Helm dependency update, Helm template,
    Kustomize build, Terraform plan, policy tests, CI workflow tests, image
    build, SBOM refresh, secret scanning, and dependency/security scans
    available in this repository.
11. Use PR title:
    `fix(sec): remediate CVE-2026-41520 in Cilium sysdump handling`.

## Stop conditions

- No Cilium deployment, Cilium image, Cilium Helm chart, Cilium CLI install
  command, or Cilium debug archive workflow is controlled by this repository.
- All controlled Cilium targets already resolve to fixed versions and rendered
  artifacts prove no vulnerable target remains.
- The repository can upgrade Cilium but historical debug archive search,
  quarantine, or key rotation belongs to a separate platform or incident team.
- Proving exposure would require collecting, opening, printing, or sharing a
  real production sysdump or private key.
- Key rotation would require live cluster disruption without an approved
  operator window.
- Validation fails for unrelated pre-existing reasons; document those failures
  instead of broadening scope.

Verification - what the reviewer looks for

  • No controlled Helm chart, Cilium CLI command, image digest, rendered manifest, SBOM, GitOps artifact, or deployment target resolves to Cilium <1.17.15, >=1.18.0, <1.18.9, or >=1.19.0, <1.19.3.
  • WireGuard enablement is explicitly assessed, not assumed from package presence alone.
  • Debug archive handling treats Cilium bugtool/sysdump output as secret-bearing evidence.
  • Historical archive cleanup and WireGuard key rotation are documented for the human operator when prior sharing was possible.
  • Tests use synthetic fixtures and do not commit real sysdump archives or key material.

Watch for

  • Updating only one Cilium install path while app-of-apps manifests, rendered YAML, image digests, or SBOMs still point to vulnerable versions.
  • Treating the issue as “local only” and skipping cleanup of support tickets, vendor uploads, CI artifacts, or object-store archives.
  • Disabling WireGuard encryption to avoid the vulnerable path instead of upgrading and cleaning up evidence.
  • Proving the finding by collecting a fresh production sysdump and attaching it to a PR.
  • Key rotation steps that restart Cilium agents without a cluster owner, maintenance window, rollback plan, and communication path.

References