Improper access control in Traefik - CVE-2026-54761
Published: July 3, 2026
Traefik
Detailed vulnerability description
The vulnerability allows a remote user to expose internal Traefik services.
The vulnerability exists due to improper access control in the Kubernetes Gateway provider: the crossProviderNamespaces allowlist is not properly enforced for an HTTPRoute with multiple backendRefs when mixed or weighted backendRef lists are processed. A remote user can create a specially crafted HTTPRoute with multiple backendRefs and point backendRef.namespace to an allow-listed namespace to expose internal Traefik services.
Exploitation requires the ability to create or modify an accepted HTTPRoute and the presence of a matching ReferenceGrant from an allow-listed namespace.
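An audit check for the condition described above, added here as an example and not taken from Traefik or from the advisory: it lists HTTPRoute rules that carry more than one backendRef and reference a backend outside the route's own namespace, so they can be reviewed against the existing ReferenceGrants and the crossProviderNamespaces allowlist. The function name, the sample routes and the allowlisted parameter (the namespaces the operator has allow-listed) are assumptions.

```python
import json
import sys

# Constructed sample shaped like `kubectl get httproutes -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"name": "shop", "namespace": "team-a"}, "spec": {"rules": [
        {"backendRefs": [
            {"name": "shop-v1", "port": 80, "weight": 90},
            {"name": "admin-svc", "namespace": "infra", "port": 80, "weight": 10}]},
        {"backendRefs": [{"name": "metrics", "namespace": "infra", "port": 80}]}]}},
    {"metadata": {"name": "blog", "namespace": "team-b"}, "spec": {"rules": [
        {"backendRefs": [
            {"name": "blog-v1", "port": 80},
            {"name": "blog-v2", "namespace": "team-b", "port": 80}]}]}},
]}


def audit_httproutes(doc, allowlisted=frozenset()):
    """Flag cross-namespace backendRefs inside rules that have several backendRefs."""
    findings = []
    for route in doc.get("items", [doc]):  # accepts a List or a single HTTPRoute
        meta = route.get("metadata", {})
        route_ns = meta.get("namespace", "default")
        for idx, rule in enumerate(route.get("spec", {}).get("rules", [])):
            refs = rule.get("backendRefs") or []
            if len(refs) < 2:
                continue  # the advisory concerns mixed or weighted backendRef lists
            for ref in refs:
                # An omitted backendRef.namespace means the route's own namespace.
                ns = ref.get("namespace") or route_ns
                if ns == route_ns:
                    continue
                findings.append({
                    "route": f"{route_ns}/{meta.get('name')}",
                    "rule": idx,
                    "backend": f"{ref.get('kind', 'Service')}/{ns}/{ref.get('name')}",
                    "weight": ref.get("weight", 1),  # Gateway API default weight is 1
                    "allowlisted_ns": ns in allowlisted,  # operator-supplied assumption
                })
    return findings


if __name__ == "__main__":
    # Usage: kubectl get httproutes -A -o json | python audit.py <allow-listed namespaces>
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in audit_httproutes(doc, set(sys.argv[1:])):
        print(finding)
```

Each finding is a candidate for review, not proof of exposure: compare it with the ReferenceGrants in the target namespace and with who is allowed to create or modify HTTPRoutes.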