2 matches found
CVE-2026-44774
CVE-2026-44774 - Traefik Gateway API exposure vulnerability Affected: Traefik v2.x before 2.11.46, v3.x before 3.6.17 and 3.7.1. Issue: In the Kubernetes Gateway API provider, a tenant with HTTPRoute creation rights can expose the REST provider handler by abusing TraefikService backend references...
CVE-2026-44774 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...