CVE-2026-29777
Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.
| CWE | CWE-74 |
| Vendor | traefik |
| Product | traefik |
| Published | Mar 11, 2026 |
| Last Updated | Mar 11, 2026 |
Stay Ahead of the Next One
Get instant alerts for traefik traefik
Be the first to know when new unknown vulnerabilities affecting traefik traefik are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
traefik / traefik
< 3.6.10