Description

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in versions 2.4.3.

INFO

Published Date :

2026-02-06T22:58:35.041Z

Last Modified :

2026-02-06T22:58:35.041Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25804 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25804.

URL Resource
https://github.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c23d7186fa cve-icon cve-icon
https://github.com/antrea-io/antrea/pull/7496 cve-icon cve-icon
https://github.com/antrea-io/antrea/security/advisories/GHSA-86x4-wp9f-wrr9 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability