5 matches found
Traefik < 3.6.10 HTTPRoute Rule Injection
The version of Traefik installed on the remote macOS host is prior to 3.6.10. It is, therefore, affected by a vulnerability: - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into...
CVE-2026-29777 vulnerabilities
Vulnerabilities for packages: traefik, traefik-fips...
CVE-2026-29777
A flaw was found in Traefik. A tenant with write access to an HTTPRoute resource can exploit this vulnerability by injecting specially crafted rule tokens into Traefik's router rule language through unsanitized header or query parameter match values. This allows the attacker to bypass listener...
CVE-2026-29777
Traefik CVE-2026-29777 affects Traefik versions prior to 3.6.10. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values, which in shared gateway deployments can bypass...
CVE-2026-29777
creationtimestamp| type| source ---|---|--- 2026-03-11 11:29:40+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj 2026-03-11 15:16:40+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-29777...