CVE-2026-25804
Unknown Unknown - Not Provided
Integer Overflow in Antrea Network Policy Causes Traffic Enforcement Errors

Publication date: 2026-02-06

Last updated on: 2026-02-28

Assigner: GitHub, Inc.

Description
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.4.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-06
Last Modified
2026-02-28
Generated
2026-05-07
AI Q&A
2026-02-07
EPSS Evaluated
2026-05-05
NVD
CVE-2026-25804
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
linuxfoundation antrea to 2.3.2 (exc)
linuxfoundation antrea From 2.4.0 (inc) to 2.4.3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in Antrea, a Kubernetes networking solution. Before versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system had a uint16 arithmetic overflow bug. This bug caused incorrect calculations of OpenFlow priorities when managing a large number of policies with different priority values.

As a result, the system could enforce network traffic policies incorrectly, potentially allowing or blocking traffic in unintended ways. The issue was fixed in version 2.4.3.


How can this vulnerability impact me? :

The vulnerability can lead to incorrect enforcement of network traffic policies in Kubernetes environments using Antrea. This means that network traffic might be allowed or denied incorrectly, potentially exposing sensitive services or blocking legitimate traffic.

Such misconfigurations can result in security risks, including unauthorized access or denial of service, depending on how the network policies are intended to function.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Antrea to version 2.4.3 or later, where the uint16 arithmetic overflow bug in the network policy priority assignment system has been patched.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart