Lucene search
K

6 matches found

AlpineLinux
AlpineLinux
added 2026/06/23 7:15 p.m.7 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS5.8AI score0.00318EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/05/16 6:2 p.m.15 views

SUSE CVE-2026-44774

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/05/15 4:30 p.m.6 views

CVE-2026-44774 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4CVSS5.8AI score0.00468EPSS
Exploits1References4
EUVD
EUVD
added 2026/05/15 4:30 p.m.13 views

EUVD-2026-30566

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider...

6.4CVSS5.8AI score0.00468EPSS
Exploits1References4
CVE
CVE
added 2026/05/15 4:30 p.m.76 views

CVE-2026-44774

CVE-2026-44774 - Traefik Gateway API exposure vulnerability Affected: Traefik v2.x before 2.11.46, v3.x before 3.6.17 and 3.7.1. Issue: In the Kubernetes Gateway API provider, a tenant with HTTPRoute creation rights can expose the REST provider handler by abusing TraefikService backend references...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/05/13 3:29 p.m.18 views

GHSA-96QJ-4JJ5-WCJC Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Summary There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend...

6.4CVSS5.9AI score0.00468EPSS
Exploits1References6
Rows per page
Query Builder