Lucene search
K

5 matches found

EUVD
EUVD
added 2026/03/27 5:49 p.m.6 views

EUVD-2026-16606

Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass...

6.3CVSS5.9AI score0.00463EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/27 3:28 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 2:16 p.m.3 views

CVE-2026-32695

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...

7.7CVSS0.00463EPSS
Exploits1References7
Cvelist
Cvelist
added 2026/03/27 1:47 p.m.28 views

CVE-2026-32695 Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative rules.hosts was...

6.3CVSS0.00463EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 1:47 p.m.20 views

CVE-2026-32695

Summary: CVE-2026-32695 affects Traefik with Knative provider. Prior to versions 3.6.11 and 3.7.0-ea.2, routers were built by interpolating user-controlled values into backtick-delimited rule expressions without escaping, enabling rule-syntax injection and host/header manipulation. In live multi-...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder