Lucene search
K

6 matches found

Cvelist
Cvelist
added 2026/06/23 7:15 p.m.35 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS0.00318EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:15 p.m.4 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS5.9AI score0.00318EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2026/06/23 7:15 p.m.39 views

CVE-2026-54761

Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...

7.1CVSS5.9AI score0.00318EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.12 views

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

7.1CVSS5.2AI score0.00318EPSS
Exploits2References4Affected Software3
OSV
OSV
added 2026/06/17 2:1 p.m.7 views

GHSA-3G6V-2R68-PRFC Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

6CVSS5.2AI score0.00318EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.10 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 3.6.21 Traefik versions prior to 3.7.5 Description An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

6CVSS5.9AI score0.00318EPSS
Exploits2References7
Rows per page
Query Builder