CVE-2026-10722
Analyzed Analyzed - Analysis Complete
Integer Overflow in Cilium eBPF up to 0.21.0

Publication date: 2026-06-03

Last updated on: 2026-06-10

Assigner: VulDB

Description
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-10
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-10722
EUVD
EUVD-2026-34082
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cilium ebpf to 0.21.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-189
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-10722 is a vulnerability in the cilium/ebpf library related to the BPF Type Format (BTF) string-table offset validation. The parser incorrectly accepts a non-zero string offset equal to the string length as valid, which leads it to perform an invalid slice operation. This causes a Go panic due to out-of-bounds slice access when the parser searches for a NUL byte in an empty slice. The root cause is a boundary check flaw in the BTF string offset parsing logic, affecting multiple string-offset consumers in the BTF and .BTF.ext parsers.

The vulnerability can be triggered by processing malformed ELF/BTF input, causing the parser to crash instead of returning a parse error. This flaw leads to denial of service by crashing processes that parse less-trusted eBPF ELF/BTF artifacts.

Impact Analysis

This vulnerability can cause denial of service (DoS) by crashing processes that parse eBPF ELF/BTF artifacts. Specifically, long-running artifact scanners or continuous integration (CI) style parser workers that handle less-trusted or malformed eBPF files may be forced to stop or restart due to parser panics.

The attack requires local access to the environment where the vulnerable parser runs, as it cannot be exploited remotely. The impact does not include remote code execution, memory corruption, privilege escalation, or kernel-level compromise.

Detection Guidance

This vulnerability manifests as a denial of service caused by a panic in the cilium/ebpf library when parsing malformed BTF (BPF Type Format) string-table offsets. Detection involves identifying processes that parse eBPF ELF/BTF artifacts and monitoring for crashes or panics related to BTF parsing.

Since the attack can only be performed locally and triggers a Go panic due to invalid slice operations, detection can focus on monitoring logs or process crashes of applications using the cilium/ebpf library, especially those handling untrusted eBPF artifacts.

No specific detection commands are provided in the available resources. However, general approaches include:

  • Monitoring logs for Go panics or crashes related to BTF parsing.
  • Using debugging or tracing tools (e.g., strace, gdb) on processes that load or parse eBPF programs to detect abnormal termination.
  • Checking for usage of vulnerable versions of the cilium/ebpf library (up to 0.21.0) in your environment.
Mitigation Strategies

The primary mitigation step is to apply the security patch that fixes the integer overflow and boundary check issues in the cilium/ebpf library.

Specifically, update the cilium/ebpf library to a version that includes the patch identified by commit 533dfc82fd228bfadf42ea7180c39de7d9af47fa, which was merged on May 27, 2026.

This patch adds proper boundary checks to prevent out-of-bounds reads and integer overflows during BTF parsing, eliminating the panic conditions.

Additionally, since the attack requires local access, restrict local user permissions and limit access to systems running vulnerable versions of the library.

Avoid processing untrusted or malformed eBPF ELF/BTF artifacts until the patch is applied.

Compliance Impact

The vulnerability in cilium/ebpf (CVE-2026-10722) causes a denial of service through a parser panic when processing malformed BTF string-table references. It does not lead to remote code execution, memory corruption, privilege escalation, or data leakage.

Since the vulnerability only results in denial of service and requires local access to exploit, it does not directly expose sensitive data or compromise confidentiality, integrity, or availability in a way that would typically violate standards like GDPR or HIPAA.

However, denial of service conditions could impact system availability, which is a consideration under these regulations. Organizations relying on cilium/ebpf for critical processing should apply the patch to maintain system stability and compliance with availability requirements.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10722. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart