Lucene search
K

24 matches found

CVE
CVE
added yesterday13 views

CVE-2026-54765

Traefik’s Gateway API provider (v3.7.0–v3.7.5) may allow two accepted HTTPRoutes targeting the same backend Service:port to have different backendRef filters, causing one route’s filter context to be applied to requests reaching the other route. This can leak security-sensitive headers (e.g., ten...

6.3CVSS5.9AI score
Exploits0References4
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS0.00318EPSS
Exploits2References3
CVE
CVE
added 2026/06/23 7:15 p.m.37 views

CVE-2026-54761

Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

6CVSS5.9AI score0.00318EPSS
Exploits2References7
Veracode
Veracode
added 2026/05/16 5:25 a.m.10 views

Improper Access Control

Traefik is vulnerable to Improper Access Control. The vulnerability is due to insufficient validation of TraefikService backend references ending with @internal, which allows an attacker with HTTPRoute creation permissions to access the internal REST provider and perform unauthorized configuratio...

9.9CVSS5.4AI score0.00457EPSS
Exploits1References9Affected Software3
Snyk
Snyk
added 2026/05/13 3:29 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...

9.9CVSS5.8AI score0.00457EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.17 views

PT-2026-40716

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.46 Traefik versions prior to 3.6.17 Traefik versions prior to 3.7.1 Description Traefik's Kubernetes Gateway API provider contains an authorization bypass that allows a tenant with HTTPRoute creation permissions ...

9.9CVSS5.8AI score0.00457EPSS
Exploits1References18
Cvelist
Cvelist
added 2026/04/10 4:3 p.m.23 views

CVE-2026-35657 OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint...

7.1CVSS0.00232EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/11 6:44 p.m.6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS7.2AI score0.00277EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/11 6:44 p.m.3 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via unsanitized header or query parameter match values in the HTTPRoute resource. An attacker can bypass listener hostname constraints and...

7.6CVSS5.8AI score0.00277EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/11 3:54 p.m.28 views

CVE-2026-29777 Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can...

6.1CVSS0.00277EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/11 2:49 p.m.3 views

EUVD-2026-11201

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values...

6.1CVSS5.8AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 2:49 p.m.6 views

GHSA-8Q2W-WR49-WHQJ Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Summary There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. ...

6.1CVSS5.8AI score0.00277EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.8 views

Traefik 注入漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions of Traefik prior to 3.6.10 had a injection vulnerability. This vulnerability stems from tenants who have access to write HTTPRoute resources being able to inject rule tokens through uncleaned header or...

6.5CVSS7.2AI score0.00277EPSS
Exploits0References2
OSV
OSV
added 2026/02/27 2:17 a.m.3 views

GO-2026-4554 esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route in github.com/esm-dev/esm.sh

esm.sh has SSRF localhost/private-network bypass in /https module route in github.com/esm-dev/esm.sh...

8.6CVSS7.3AI score0.00339EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/25 10:57 p.m.5 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /https route handler. An attacker can access internal network resources and retrieve sensitive information by supplying a crafted domain that resolves to a loopback or private IP address, thereby...

8.7CVSS5.9AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 10:57 p.m.6 views

GHSA-P2V6-84H2-5X4R esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary An SSRF vulnerability CWE-918 exists in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains for example, 127.0.0.1.nip.io resolving to 127.0.0.1. This allows a...

8.6CVSS5.8AI score0.00339EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/25 10:57 p.m.7 views

esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

Summary An SSRF vulnerability CWE-918 exists in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypassed using DNS alias domains for example, 127.0.0.1.nip.io resolving to 127.0.0.1. This allows a...

8.6CVSS5.7AI score0.00339EPSS
Exploits1References6Affected Software1
Snyk
Snyk
added 2026/02/25 10:57 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /https route handler. An attacker can access internal network resources and retrieve sensitive information by supplying a crafted domain that resolves to a loopback or private IP address, thereby...

8.7CVSS5.9AI score0.00339EPSS
Exploits1References2
OSV
OSV
added 2026/02/25 3:37 p.m.4 views

CVE-2026-27730 esm.sh has SSRF localhost/private-network bypass in `/http(s)` module route

esm.sh is a no-build content delivery network CDN for web development. Versions up to and including 137 have an SSRF vulnerability CWE-918 in esm.sh’s /https fetch route. The service tries to block localhost/internal targets, but the validation is based on hostname string checks and can be bypass...

8.6CVSS5.6AI score0.00339EPSS
Exploits1References3
Rows per page
Query Builder