Lucene search
+L

5 matches found

susecve
susecve
added 2026/05/05 1:45 a.m.16 views

SUSE CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4CVSS5.7AI score0.00254EPSS
Exploits1References3
nvd
nvd
added 2026/04/30 9:16 p.m.6 views

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

6.4CVSS0.00254EPSS
Exploits1References5
vulnrichment
vulnrichment
added 2026/04/30 8:20 p.m.5 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS5.7AI score0.00254EPSS
Exploits1References5
osv
osv
added 2026/04/30 8:20 p.m.1 views

CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...

4.8CVSS6.6AI score0.00254EPSS
Exploits1References7
github
github
added 2026/04/24 8:12 p.m.11 views

Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Summary There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same...

6.4CVSS5.9AI score0.00254EPSS
Exploits1References7Affected Software3
Rows per page
Query Builder