Traefik HTTPRoute Rule Injection Vulnerability in Kubernetes Gateway

Vulnerability

A rule injection vulnerability has been identified in Traefik's Kubernetes Gateway provider, affecting versions through 3.6.9. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language. This is possible via unsanitized header or query parameter match values. In shared gateway deployments, the vulnerability can bypass listener hostname constraints, redirecting traffic for victim hostnames to attacker-controlled backends.
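The core of the issue described above is that tenant-supplied match values end up inside a rule string whose string tokens are delimited by backticks, so a value containing a backtick can change the structure of the generated rule. The following is an added example, not Traefik's provider code: it uses a simplified model of a backtick-quoted rule grammar (the `Host(...)`/`Header(...)` shape and the `HeaderMatch` type are assumptions for illustration), shows a naive builder that splices values in unchecked, and a hardened builder that refuses any tenant-controlled token containing the delimiter. The header values are constructed sample input.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// HeaderMatch is a simplified model of an HTTPRoute header match (constructed for this example).
type HeaderMatch struct {
	Name  string
	Value string
}

// naiveRule reproduces the unsafe pattern the advisory describes: tenant-controlled
// match values are spliced into backtick-quoted rule tokens without validation.
// The rule grammar here is a simplified model, not Traefik's actual provider code.
func naiveRule(host string, matches []HeaderMatch) string {
	var sb strings.Builder
	fmt.Fprintf(&sb, "Host(`%s`)", host)
	for _, m := range matches {
		fmt.Fprintf(&sb, " && Header(`%s`, `%s`)", m.Name, m.Value)
	}
	return sb.String()
}

// ErrBacktick is returned when a tenant-supplied value could terminate a quoted rule token.
var ErrBacktick = errors.New("match value contains a backtick, the rule-language string delimiter")

// validateToken rejects any value that could break out of a backtick-quoted token.
// Rejecting (rather than escaping) is the conservative choice when the rule grammar
// offers no escape sequence the builder can rely on.
func validateToken(s string) error {
	if strings.ContainsRune(s, '`') {
		return ErrBacktick
	}
	return nil
}

// safeRule validates every tenant-controlled value before building the rule, so the
// listener hostname constraint expressed by Host(...) cannot be altered by a match value.
func safeRule(host string, matches []HeaderMatch) (string, error) {
	if err := validateToken(host); err != nil {
		return "", fmt.Errorf("host %q: %w", host, err)
	}
	for _, m := range matches {
		if err := validateToken(m.Name); err != nil {
			return "", fmt.Errorf("header name %q: %w", m.Name, err)
		}
		if err := validateToken(m.Value); err != nil {
			return "", fmt.Errorf("header %q value: %w", m.Name, err)
		}
	}
	return naiveRule(host, matches), nil
}

// countBackticks counts the delimiters in a generated rule. A well-formed rule from this
// builder has exactly 2*(1 + 2*len(matches)) backticks; any other count means a value
// has altered the token structure, which is a cheap structural check for audit logs.
func countBackticks(rule string) int { return strings.Count(rule, "`") }

// expectedBackticks returns the delimiter count a well-formed rule must have.
func expectedBackticks(matches []HeaderMatch) int { return 2 * (1 + 2*len(matches)) }

func main() {
	clean := []HeaderMatch{{Name: "X-Tenant", Value: "acme"}}
	// Constructed tainted value: a stray delimiter, enough to break the token structure.
	tainted := []HeaderMatch{{Name: "X-Tenant", Value: "acme`"}}

	fmt.Println(naiveRule("app.example.com", clean))
	r := naiveRule("app.example.com", tainted)
	fmt.Printf("naive rule with tainted value has %d backticks, expected %d\n",
		countBackticks(r), expectedBackticks(tainted))

	if _, err := safeRule("app.example.com", tainted); err != nil {
		fmt.Println("hardened builder rejected:", err)
	}
}
```

The structural count check is useful on its own: a controller that logs or alerts whenever a generated rule's delimiter count does not match the expected value for its inputs catches this class of defect even before the validator is in place.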

Impact

Exploitation of this vulnerability could lead to unauthorized rule injection, allowing an attacker to manipulate routing behavior and redirect traffic to malicious backends.

Remediation

Users can upgrade to Traefik version 3.6.10 to address this vulnerability.

Added: Mar 11, 2026, 4:23 PM
Updated: Mar 11, 2026, 4:23 PM

Vulnerability Rating

Custom Algorithm

  spread:          7.6
  impact:          4.4
  exploitability:  5.0
  remediation:     7.7
  relevance:       3.8
  threat:          0.0
  urgency:         2.9
  incentive:       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.