CVE-2026-29777 Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

CVE-2026-29777

Traefik CVE-2026-29777 affects Traefik versions prior to 3.6.10. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values, which in shared gateway deployments can bypass...