Vulnerability Description
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies with various priority values. OpenFlow flow priorities are 16-bit values, so a result that wraps past 65535 lands far below the priority that was intended, and a rule meant to take precedence can be shadowed by one it should override. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.3.2 and 2.4.3.
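The bug class described above, as an added illustration in Go (Antrea's implementation language). This is not Antrea's code and does not reproduce its actual priority assignment algorithm; the rule names, the base priority of 65000 and the offsets are constructed for the example. It contrasts a wrapping uint16 computation with a checked one, and shows the enforcement consequence: a deny rule whose intended priority exceeds 65535 wraps to a low value and loses to an allow rule it should have beaten.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ofPriority models the 16-bit OpenFlow flow priority field.
type ofPriority uint16

// assignPriorityUnchecked mimics the bug class: base + offset in uint16
// arithmetic silently wraps past 65535, so a rule meant to sit at the top
// of the table is installed near the bottom.
func assignPriorityUnchecked(base, offset uint16) ofPriority {
	return ofPriority(base + offset)
}

// ErrPriorityOverflow is returned when a computed priority does not fit
// in the 16-bit OpenFlow field.
var ErrPriorityOverflow = errors.New("openflow priority out of uint16 range")

// assignPriorityChecked does the arithmetic in a wider type and rejects
// results that would not fit, instead of wrapping.
func assignPriorityChecked(base, offset uint16) (ofPriority, error) {
	sum := uint32(base) + uint32(offset)
	if sum > math.MaxUint16 {
		return 0, ErrPriorityOverflow
	}
	return ofPriority(sum), nil
}

type rule struct {
	name     string
	action   string
	priority ofPriority
}

// winner returns the action of the highest-priority rule, as an OpenFlow
// switch picks among flow entries that all match the same packet.
func winner(rules []rule) string {
	best := rules[0]
	for _, r := range rules[1:] {
		if r.priority > best.priority {
			best = r
		}
	}
	return best.action
}

// Constructed scenario (hypothetical, not taken from Antrea): many policies
// have pushed the base priority near the top of the 16-bit range, and the
// deny rule's offset puts its intended priority at 66000, above 65535.
const (
	basePriority uint16 = 65000
	allowOffset  uint16 = 100  // intended priority 65100
	denyOffset   uint16 = 1000 // intended priority 66000, wraps to 464
)

type ruleSpec struct {
	name, action string
	offset       uint16
}

var specs = []ruleSpec{
	{name: "allow-web", action: "allow", offset: allowOffset},
	{name: "deny-all", action: "deny", offset: denyOffset},
}

// UncheckedOutcome installs both rules with wrapping arithmetic and reports
// which action the switch would apply: the deny rule wraps to priority 464
// and the allow rule at 65100 wins, the opposite of the policy intent.
func UncheckedOutcome() string {
	var rules []rule
	for _, s := range specs {
		rules = append(rules, rule{name: s.name, action: s.action,
			priority: assignPriorityUnchecked(basePriority, s.offset)})
	}
	return winner(rules)
}

// CheckedOutcome refuses to install a rule whose priority would wrap, so the
// overflow surfaces as an error rather than as a silently reordered ruleset.
func CheckedOutcome() (string, error) {
	var rules []rule
	for _, s := range specs {
		p, err := assignPriorityChecked(basePriority, s.offset)
		if err != nil {
			return "", fmt.Errorf("rule %s: %w", s.name, err)
		}
		rules = append(rules, rule{name: s.name, action: s.action, priority: p})
	}
	return winner(rules), nil
}

func main() {
	fmt.Println("unchecked winner:", UncheckedOutcome())
	if _, err := CheckedOutcome(); err != nil {
		fmt.Println("checked:", err)
	}
}
```

The checked variant turns a silent misordering into a hard failure at assignment time; what a controller should do with that error (refuse the policy, fall back to a different allocation strategy, or alert) is a design decision, but either is preferable to installing a flow at the wrong priority.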
CVSS Score
9.1 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Antrea | < 2.3.2; 2.4.x prior to 2.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c23d718 (Patch)
- https://github.com/antrea-io/antrea/pull/7496 (Issue Tracking, Patch)
- https://github.com/antrea-io/antrea/security/advisories/GHSA-86x4-wp9f-wrr9 (Patch, Vendor Advisory)
FAQ
What is CVE-2026-25804?
CVE-2026-25804 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug ...
How severe is CVE-2026-25804?
CVE-2026-25804 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2026-25804?
Yes. The vendor advisory (GHSA-86x4-wp9f-wrr9) reports the fix in Antrea 2.3.2 and 2.4.3; upgrade to one of those releases or later. The references section above links the advisory, the fixing pull request and the patch commit. Affected product: Linuxfoundation Antrea.