Improper Neutralization of Special Elements in Output Used by a Downstream Component in Traefik - CVE-2026-32695

Published: May 5, 2026


Vulnerability identifier: #VU129672
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-32695
CWE-ID: CWE-74
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Traefik
Software vendor: Containous

Description

The vulnerability allows a remote user to bypass host and header routing constraints and redirect unauthorized traffic to victim services.

The vulnerability exists due to improper neutralization of special elements in output used by a downstream component in the Traefik Kubernetes Knative provider's router rule construction, which interpolates user-controlled host or header values into backtick-delimited rule expressions. A remote user can create or update a crafted Knative Ingress resource to bypass host and header routing constraints and redirect unauthorized traffic to victim services.

Exploitation depends on admission or validation policy and on the ability to create or modify Knative Ingress resources in shared or multi-tenant deployments.
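The weakness described above is a string-interpolation problem: a value taken from a Knative Ingress is dropped verbatim into a rule such as Host(`example.com`), where the backtick is the delimiter. The defensive pattern a provider or admission policy can apply is to allowlist the shape of each value before it ever reaches the rule builder, rather than trying to escape the delimiter afterwards. The following Go program is an added illustration of that pattern; it is not Traefik's code and not its fix for CVE-2026-32695. The functions, regular expressions and rule layout are assumptions chosen for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Hypothetical allowlist validation for host and header values taken from a
// Knative Ingress before they are interpolated into a Traefik router rule such
// as Host(`example.com`) && Headers(`X-Tenant`, `blue`). Added illustration only;
// this is not Traefik's code and not its fix for CVE-2026-32695.

// ErrUnsafeRuleValue is returned for any value whose shape is not allowed.
var ErrUnsafeRuleValue = errors.New("value may not be interpolated into a router rule")

// hostnameRe accepts a DNS hostname made of letter/digit/hyphen labels, with an
// optional leading "*." wildcard. Anything else (backticks, spaces, parentheses,
// "||" and "&&" operators) cannot match and is rejected.
var hostnameRe = regexp.MustCompile(`^(\*\.)?([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

// headerNameRe accepts RFC 7230 token characters, which excludes the backtick.
var headerNameRe = regexp.MustCompile(`^[A-Za-z0-9!#$%&'*+.^_|~-]+$`)

// normalizeHost lowercases and trims a host and checks it against the allowlist.
func normalizeHost(host string) (string, error) {
	h := strings.ToLower(strings.TrimSpace(host))
	if len(h) == 0 || len(h) > 253 || !hostnameRe.MatchString(h) {
		return "", fmt.Errorf("%w: host %q", ErrUnsafeRuleValue, host)
	}
	return h, nil
}

// validateHeader rejects header names outside the token alphabet and header
// values containing the backtick delimiter or control characters, either of
// which could end the quoted literal and change the rule's meaning.
func validateHeader(name, value string) error {
	if !headerNameRe.MatchString(name) {
		return fmt.Errorf("%w: header name %q", ErrUnsafeRuleValue, name)
	}
	for _, r := range value {
		if r == '`' || r < 0x20 || r == 0x7f {
			return fmt.Errorf("%w: header value %q", ErrUnsafeRuleValue, value)
		}
	}
	return nil
}

// buildRule composes the rule string only from values that passed validation.
// Hosts are OR-ed together; each header is AND-ed onto the host expression.
func buildRule(hosts []string, headers map[string]string) (string, error) {
	var hostClauses []string
	for _, host := range hosts {
		h, err := normalizeHost(host)
		if err != nil {
			return "", err
		}
		hostClauses = append(hostClauses, fmt.Sprintf("Host(`%s`)", h))
	}
	var clauses []string
	if len(hostClauses) == 1 {
		clauses = append(clauses, hostClauses[0])
	} else if len(hostClauses) > 1 {
		clauses = append(clauses, "("+strings.Join(hostClauses, " || ")+")")
	}
	names := make([]string, 0, len(headers))
	for name := range headers {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic output regardless of map iteration order
	for _, name := range names {
		if err := validateHeader(name, headers[name]); err != nil {
			return "", err
		}
		clauses = append(clauses, fmt.Sprintf("Headers(`%s`, `%s`)", name, headers[name]))
	}
	if len(clauses) == 0 {
		return "", errors.New("rule needs at least one host or header matcher")
	}
	return strings.Join(clauses, " && "), nil
}

func main() {
	// Constructed sample input: a clean tenant route and a host carrying the delimiter.
	rule, err := buildRule([]string{"App.Example.com"}, map[string]string{"X-Tenant": "blue"})
	fmt.Println(rule, err)
	_, err = buildRule([]string{"bad`host.example.com"}, nil)
	fmt.Println(err)
}
```

The point of the allowlist is that the rule builder never has to reason about the downstream grammar: a host either looks like a DNS name or it is refused, and a header value is refused the moment it carries the delimiter or a control character. In a shared cluster the same check belongs in a validating admission policy, so that a tenant cannot get a malformed Ingress stored in the first place.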


Remediation

Install the security update from the vendor's website.

External links