Lucene search
K

4 matches found

CVE
CVE
added 2 days ago17 views

CVE-2026-54765

CVE-2026-54765 affects Traefik v3.7.0 through v3.7.5, fixed in v3.7.6. In the Kubernetes Gateway API provider, two accepted HTTPRoutes targeting the same backend Service:port can have different backendRef filters, with only one route’s filter set applied to all requests. This can allow a route’s ...

8.5CVSS5.9AI score0.00427EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/17 8:5 p.m.9 views

EUVD-2026-37793

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS5.4AI score0.00292EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 2:1 p.m.7 views

GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

6CVSS5.2AI score0.00318EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

6CVSS5.9AI score0.00318EPSS
Exploits2References7
Rows per page
Query Builder