← Zuruck zu CVEs
CVE-2026-29777
MEDIUM6.5
Beschreibung
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.
CVE Details
CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht3/11/2026
Zuletzt geandert3/19/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
traefik:traefik
Schwachen (CWE)
CWE-74
Referenzen
https://github.com/traefik/traefik/releases/tag/v3.6.10(security-advisories@github.com)
https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj(security-advisories@github.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.