What is GHSA-xhgw-qwwf-pg32?

GHSA-xhgw-qwwf-pg32 is a security advisory published by GitHub Security Advisories with Low severity. A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec...

Which CVE IDs does GHSA-xhgw-qwwf-pg32 cover?

GHSA-xhgw-qwwf-pg32 covers the following CVE IDs: CVE-2026-10722. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-xhgw-qwwf-pg32?

GHSA-xhgw-qwwf-pg32 has a CVSS v3 base score of 3.3, published by GitHub Security Advisories.

GHSA-xhgw-qwwf-pg32LowCVSS 3.3

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec...

Vendor

GitHub Security Advisories

Published

June 3, 2026

Last Modified

June 3, 2026

🔗 CVE IDs covered (1)

CVE-2026-10722 →

📋 Description

A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipulation of the argument offset leads to integer overflow. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used. The name of the patch is 533dfc82fd228bfadf42ea7180c39de7d9af47fa. A patch should be applied to remediate this issue.

🔗 References (11)

https://nvd.nist.gov/vuln/detail/CVE-2026-10722
https://github.com/cilium/ebpf/issues/2019
https://github.com/cilium/ebpf/pull/2021
https://github.com/cilium/ebpf/commit/533dfc82fd228bfadf42ea7180c39de7d9af47fa
https://gist.github.com/thesmartshadow/256bff0f8042c584f993ace89074a815
https://github.com/cilium/ebpf
https://vuldb.com/cve/CVE-2026-10722
https://vuldb.com/submit/818291
https://vuldb.com/vuln/368091
https://vuldb.com/vuln/368091/cti
https://github.com/advisories/GHSA-xhgw-qwwf-pg32