CVE-2026-34992: Missing Encryption of Sensitive Data in antrea.io/antrea

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-34992

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Missing Encryption of Sensitive Data in antrea.io/antrea

Source: NVD (National Vulnerability Database)

Vulnerability Description

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured for dual-stack networking with IPsec encryption enabled (trafficEncryptionMode: ipsec), Antrea fails to apply encryption for IPv6 Pod traffic. While the IPv4 traffic is correctly encrypted via ESP (Encapsulating Security Payload), traffic using IPv6 is transmitted in plaintext. This occurs because the packets are encapsulated (using Geneve or VXLAN) but bypass the IPsec encryption layer. Impacted Users: users with dual-stack clusters and IPsec encryption enabled. Single-stack IPv4 or IPv6 clusters are not affected. This vulnerability is fixed in 2.4.5 and 2.5.2.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

敏感数据加密缺失

Source: NVD (National Vulnerability Database)

Vulnerability Title

Antrea 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Antrea是antrea.io开源的一个Kubernetes网络配置软件。 Antrea 2.4.5之前版本和2.5.2之前版本存在安全漏洞，该漏洞源于缺少加密，影响启用了IPsec加密的双栈网络配置中的节点间Pod IPv6流量，可能导致IPv6流量以明文传输。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
antrea-io	antrea	< 2.4.5	-

II. Public POCs for CVE-2026-34992

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-34992

Please Login to view more intelligence information

https://github.com/antrea-io/antrea/pull/7759x_refsource_MISC
https://github.com/antrea-io/antrea/blob/main/docs/traffic-encryption.mdx_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2026-34992

IV. Related Vulnerabilities

Same product: antrea

CVE-2026-25804
Antrea has invalid enforcement order for network policy rule

Same vendor: antrea-io

CVE-2026-25804
Antrea has invalid enforcement order for network policy rule

Same weakness: CWE-311

V. Comments for CVE-2026-34992

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2026-34992

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-34992

III. Intelligence Information for CVE-2026-34992

IV. Related Vulnerabilities

V. Comments for CVE-2026-34992

Leave a comment