High severity · NVD Advisory · Published Feb 6, 2026 · Updated Feb 9, 2026
Antrea has invalid enforcement order for network policy rules caused by integer overflow
CVE-2026-25804
Description
Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large number of policies with various priority values. This results in potentially incorrect traffic enforcement. This issue has been patched in version 2.4.3.
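The class of bug described above, as an added example: a simplified model of rank-to-OpenFlow-priority assignment, not Antrea's own code. The constants, function names and the rank/spacing scheme are assumptions made for illustration; the point is how a wrapped uint16 value inverts enforcement order and how widening the arithmetic catches it.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed values for illustration; not Antrea's real constants.
const (
	topPriority uint16 = 64990 // highest OpenFlow priority handed out
	spacing     uint16 = 100   // gap left between consecutive ranks
)

var errExhausted = errors.New("rank does not fit in the uint16 priority space")

// uncheckedPriority maps a precedence rank (0 = enforced first) to an
// OpenFlow priority. rank*spacing is computed in uint16 and silently wraps
// modulo 65536 once the product exceeds 65535.
func uncheckedPriority(rank uint16) uint16 {
	return topPriority - rank*spacing
}

// checkedPriority does the arithmetic in uint32 and refuses ranks that would
// leave the valid range instead of returning a wrapped value.
func checkedPriority(rank uint16) (uint16, error) {
	offset := uint32(rank) * uint32(spacing)
	if offset >= uint32(topPriority) {
		return 0, errExhausted
	}
	return topPriority - uint16(offset), nil
}

// misordered reports whether the rule with the larger rank (meant to be
// evaluated later) received the higher OpenFlow priority and so matches first.
func misordered(firstRank, laterRank uint16) bool {
	return uncheckedPriority(laterRank) > uncheckedPriority(firstRank)
}

func main() {
	fmt.Println(uncheckedPriority(10), uncheckedPriority(656)) // 63990 64926
	fmt.Println(misordered(10, 656))                           // true
	_, err := checkedPriority(656)
	fmt.Println(err)
}
```

In this model rank 656 wraps to an offset of 64, so a rule meant to be evaluated late outranks the rule at rank 10; the checked variant returns an error instead.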
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| antrea.io/antrea (Go) | < 2.3.2 | 2.3.2 |
| antrea.io/antrea (Go) | >= 2.4.0, < 2.4.3 | 2.4.3 |
Affected products
- ghsa-coords (2 versions): < 2.3.2 + 1 more
- (no CPE) range: < 2.3.2
- (no CPE) range: < 0.0.20260226T182644-150000.1.149.1
- antrea-io/antrea (v5) range: < 2.3.2
References
- github.com/advisories/GHSA-86x4-wp9f-wrr9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2026-25804 (ghsa, ADVISORY)
- gist.github.com/antoninbas/c429cc3e5bb8479ba7ff38fd6fde59d9 (ghsa, WEB)
- github.com/antrea-io/antrea/blob/main/docs/antrea-network-policy.md (ghsa, WEB)
- github.com/antrea-io/antrea/commit/86c4b6010f3be536866f339b632621c23d7186fa (ghsa, x_refsource_MISC, WEB)
- github.com/antrea-io/antrea/pull/7496 (ghsa, x_refsource_MISC, WEB)
- github.com/antrea-io/antrea/security/advisories/GHSA-86x4-wp9f-wrr9 (ghsa, x_refsource_CONFIRM, WEB)