← voltar
CVE-2026-29777

Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

CVSS 6.1 MEDIUMEPSS 0.3%CWE-74
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
Produtos afetados
traefik · traefik

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/traefik/traefik/releases/tag/v3.6.10https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj