Improper access control in Traefik - CVE-2026-54761


Published: July 3, 2026


Vulnerability identifier: #VU136873
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-54761
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Containous
Affected software:
Traefik

Detailed vulnerability description

The vulnerability allows a remote user to expose internal Traefik services.

The vulnerability exists due to improper access control in the Kubernetes Gateway provider crossProviderNamespaces allowlist enforcement for HTTPRoute multiple backendRefs when processing mixed or weighted backendRef lists. A remote user can create a specially crafted HTTPRoute with multiple backendRefs and point backendRef.namespace to an allow-listed namespace to expose internal Traefik services.

Exploitation requires the ability to create or modify an accepted HTTPRoute and the presence of a matching ReferenceGrant from an allow-listed namespace.
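As an added defensive check (example code, not Traefik's own), the following Python audit walks HTTPRoute and ReferenceGrant objects in Gateway API shape and flags rules with multiple backendRefs where some ref points outside the route's namespace, noting whether the list is mixed or weighted and whether a ReferenceGrant in the target namespace covers it. The sample route and grant objects are constructed; in a live cluster the same dicts would come from `kubectl get httproutes,referencegrants -A -o json`.

```python
# Added example, not Traefik's code: audit HTTPRoutes for cross-namespace backendRefs in
# multi-backend rules. Inputs are dicts in Gateway API shape (HTTPRoute spec.rules[].backendRefs[],
# ReferenceGrant spec.from / spec.to); the sample objects at the bottom are constructed.
def grant_covers(grants, from_ns, to_ns, svc):
    """True if a ReferenceGrant in to_ns lets HTTPRoutes from from_ns reach Service svc."""
    for g in grants:
        if g["metadata"]["namespace"] != to_ns:
            continue
        from_ok = any(f.get("kind") == "HTTPRoute" and f.get("namespace") == from_ns
                      for f in g["spec"].get("from", []))
        to_ok = any(t.get("kind") == "Service" and t.get("name") in (None, svc)  # no name: any Service
                    for t in g["spec"].get("to", []))
        if from_ok and to_ok:
            return True
    return False

def audit_routes(routes, grants):
    """Report rules with more than one backendRef where some ref leaves the route's namespace."""
    findings = []
    for r in routes:
        route_ns, name = r["metadata"]["namespace"], r["metadata"]["name"]
        for idx, rule in enumerate(r["spec"].get("rules", [])):
            refs = rule.get("backendRefs", [])
            if len(refs) < 2:
                continue  # the advisory concerns rules with multiple backendRefs
            cross = [b for b in refs if b.get("namespace", route_ns) != route_ns]
            for b in cross:
                findings.append({
                    "route": f"{route_ns}/{name}", "rule": idx,
                    "target": f'{b["namespace"]}/{b["name"]}',
                    "mixed": len(cross) < len(refs),            # same-ns and cross-ns refs together
                    "weighted": any("weight" in x for x in refs),
                    "grant": grant_covers(grants, route_ns, b["namespace"], b["name"]),
                })
    return findings

# Constructed sample: team-a splits traffic between its own frontend and a Service in
# "platform", which a ReferenceGrant there permits; team-b's rule stays in-namespace.
SAMPLE_ROUTES = [
    {"metadata": {"name": "web", "namespace": "team-a"}, "spec": {"rules": [{"backendRefs": [
        {"name": "frontend", "port": 80, "weight": 90},
        {"name": "admin", "namespace": "platform", "port": 80, "weight": 10}]}]}},
    {"metadata": {"name": "api", "namespace": "team-b"}, "spec": {"rules": [{"backendRefs": [
        {"name": "v1", "port": 80}, {"name": "v2", "port": 80}]}]}},
]
SAMPLE_GRANTS = [{"metadata": {"name": "allow-team-a", "namespace": "platform"},
                  "spec": {"from": [{"group": "gateway.networking.k8s.io",
                                     "kind": "HTTPRoute", "namespace": "team-a"}],
                           "to": [{"group": "", "kind": "Service"}]}}]
```

Each finding with `"grant": True` is a cross-namespace, multi-backend rule that an unpatched Traefik may admit; review those against the crossProviderNamespaces allowlist until the vendor update is installed.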


How to mitigate CVE-2026-54761

Install the security update from the vendor's website.
