8 matches found
CVE-2026-41174 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...
CVE-2026-41174
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...
CVE-2026-41174
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects...
CVE-2026-41174
Summary: CVE-2026-41174 affects Traefik’s Kubernetes CRD provider where cross-namespace isolation is breached for nested Chain middlewares, allowing an actor with CRD permissions in their own namespace to cause Traefik to apply middleware from another namespace. The issue occurs when providers.ku...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Vulnerabilities exist in versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2. These vulnerabilities stem from incomplete isolation of Kubernetes CRD-provided programs across namespaces, and lack restrictio...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...