Primary

Context

Traefik Knative Provider Ingress Rule Injection Vulnerability Allows Host Restriction Bypass

Vulnerability

Patched

A vulnerability exists in Traefik's Knative provider, specifically in versions through 3.6.10 and 3.7.0-ea.1. The issue arises because user-controlled values are inserted into backtick-delimited rule expressions without proper escaping or validation. This flaw can be exploited to bypass host restrictions by injecting malicious values that manipulate the routing rules. In multi-tenant clusters, this could redirect unauthorized traffic to victim services, exposing them to cross-tenant traffic.

Impact

Exploitation of this vulnerability can lead to unauthorized traffic being routed to victim services, causing cross-tenant traffic exposure in multi-tenant clusters.

Remediation

Users can upgrade to Traefik versions 3.6.11 or 3.7.0-ea.2 to address this vulnerability.

Added: Mar 27, 2026, 2:20 PM

Updated: Mar 27, 2026, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

1.3

exploitability

3.6

remediation

7.7

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

1.3

exploitability

3.6

remediation

7.7

relevance

4.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Traefik Knative Provider Ingress Rule Injection Vulnerability Allows Host Restriction Bypass

Vulnerability

Impact

Remediation

Affected Products

Traefik

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating