We strongly encourage you to report security vulnerabilities to our private security mailing list: security@cilium.io - first, before disclosing them in any public forums.

A threat model for Cilium and recommendations for running Cilium in production environments can be found here. Please ensure that you have taken this threat model into consideration before making a report, including considering the feasibility of an attack against a correctly secured environment.

This is a private mailing list where members of Cilium's Security Team are subscribed to, and is treated as top priority.