Lucene search
+L

32 matches found

NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only...

8.5CVSS0.00346EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5083 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik...

7.1CVSS5.8AI score0.00318EPSS
Exploits2References3
NVD
NVD
added 2026/06/23 8:16 p.m.8 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS0.00318EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:15 p.m.4 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS5.9AI score0.00318EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:15 p.m.37 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS0.00318EPSS
Exploits2References3
CVE
CVE
added 2026/06/23 7:15 p.m.51 views

CVE-2026-54761

Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3Affected Software1
OSV
OSV
added 2026/06/17 2:1 p.m.8 views

GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

6CVSS5.2AI score0.00318EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.14 views

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

7.1CVSS5.2AI score0.00318EPSS
Exploits2References4Affected Software3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References17
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.13 views

CVE-2026-44774

A flaw was found in Traefik. A low-privileged tenant with HTTPRoute creation permissions in Traefik's Kubernetes Gateway API provider can bypass security settings. This allows the tenant to expose the REST provider handler and gain live dynamic configuration write access to Traefik. This...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References7
Wolfi
Wolfi
added 2026/06/05 7:48 a.m.17 views

CVE-2026-40898 vulnerabilities

Vulnerabilities for packages: teleport, ipfs-cluster, kyverno-policy-reporter, opentelemetry-operator, kubernetes-dns-node-cache, k8sgateway, coredns, jitsucom-bulker, kube-metrics-adapter, kargo, kyverno-policy-reporter-ui, spegel, frp, q, k3s, prometheus-blackbox-exporter, kubo, dkron, traefik...

7.5CVSS5.1AI score0.00279EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/05 7:48 a.m.19 views

GHSA-VVGJ-X9JQ-8CJ9 vulnerabilities

Vulnerabilities for packages: teleport, ipfs-cluster, kyverno-policy-reporter, opentelemetry-operator, kubernetes-dns-node-cache, k8sgateway, coredns, jitsucom-bulker, kube-metrics-adapter, kargo, kyverno-policy-reporter-ui, spegel, frp, q, k3s, prometheus-blackbox-exporter, kubo, dkron, traefik...

5.3AI score
Exploits0
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.32 views

Traefik 访问控制错误漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.46, 3.6.17, and 3.7.1 contained a access control vulnerability. This vulnerability stemmed from the Kubernetes Gateway API provider, which allowed tenants with permission to create...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

Traefik 2.x < 2.11.46 / 3.x < 3.6.17 / 3.7.x < 3.7.1 Authentication Bypass (CVE-2026-44774)

The version of Traefik installed on the remote macOS host is 2.x prior to 2.11.46, 3.x prior to 3.6.17, or 3.7.x prior to 3.7.1. It is, therefore, affected by an authentication bypass vulnerability: - The Kubernetes Gateway API provider accepts any TraefikService backend reference whose name ends...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/13 3:29 p.m.7 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/13 3:29 p.m.6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the handling of internal service references by the Gateway API provider. An attacker can gain unauthorized dynamic configuration write access by creating or updating an HTTPRoute that targets rest@internal, even...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References2
Wolfi
Wolfi
added 2026/04/25 1:49 p.m.11 views

GHSA-X4MJ-7F9G-29H4 vulnerabilities

Vulnerabilities for packages: k8sgateway, external-dns...

5.3AI score
Exploits0
OSV
OSV
added 2026/04/08 3:5 p.m.3 views

GHSA-H9MW-H4QC-F5JF kubernetes-graphql-gateway: GraphQL Endpoint Vulnerable to Authenticated Denial-of-Service via Unrestricted Query Execution

CVSS 6.5 Medium — The GraphQL API served by kubernetes-graphql-gateway is vulnerable to Denial-of-Service DoS attacks due to a complete absence of query resource controls depth limiting, complexity analysis, response size capping, and rate limiting. An authenticated attacker can craft queries tha...

6.5CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/11 2:49 p.m.14 views

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Summary There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. ...

6.5CVSS5.8AI score0.00277EPSS
Exploits0References4Affected Software3
Wolfi
Wolfi
added 2026/03/07 7:48 a.m.6 views

CVE-2026-26017 vulnerabilities

Vulnerabilities for packages: k8sgateway, kubernetes-dns-node-cache, juicefs...

7.7CVSS7.7AI score0.00385EPSS
Exploits0
Rows per page
Query Builder