Lucene search

7 matches found

NVD
added 2026/06/23 8:16 p.m. | 6 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

CVSS 7.1 | EPSS 0.00318
Exploits: 2 | References: 3

Cvelist
added 2026/06/23 7:15 p.m. | 35 views

CVE-2026-54761 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

CVSS 6 | EPSS 0.00318
Exploits: 2 | References: 3

CVE
added 2026/06/23 7:15 p.m. | 37 views

CVE-2026-54761

Traefik vulnerability CVE-2026-54761 affects the Kubernetes Gateway provider: prior to 3.6.21 and 3.7.5, the crossProviderNamespaces allowlist is checked against backendRef.namespace instead of the HTTPRoute’s own namespace, enabling an attacker in a non-allowlisted namespace to reference interna...

CVSS 7.1 | AI score 5.9 | EPSS 0.00318
Exploits: 2 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/06/17 2:1 p.m. | 11 views

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Summary: There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own...

CVSS 7.1 | AI score 5.2 | EPSS 0.00318
Exploits: 2 | References: 4 | Affected Software: 3

Positive Technologies
added 2026/06/17 12:0 a.m. | 9 views

PT-2026-50495

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 3.6.21; Traefik versions prior to 3.7.5. Description: An issue exists in the Kubernetes Gateway provider regarding the crossProviderNamespaces allowlist. When HTTPRoute rules declare multiple backendRefs Weighted Round...

CVSS 6 | AI score 5.9 | EPSS 0.00318
Exploits: 2 | References: 7

OSV
added 2026/05/19 7:30 p.m. | 5 views

GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Summary: A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...

CVSS 6.9 | AI score 5.9
Exploits: 0 | References: 5

SUSE CVE
added 2024/08/20 2:16 a.m. | 4 views

SUSE CVE-2024-42486

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...

CVSS 7.2 | AI score 6.7 | EPSS 0.00573
Exploits: 0 | References: 3