Incorrect authorization in Traefik - CVE-2026-54765
Published: July 3, 2026
Traefik
Detailed vulnerability description
The vulnerability allows a remote user to alter security-sensitive backend request context across routes and bypass authorization controls.
The vulnerability exists due to improper access control in pkg/provider/kubernetes/gateway/httproute.go when resolving accepted HTTPRoute backendRef filters for routes sharing the same backend Service:port. A remote user can create or modify an accepted HTTPRoute with different backendRef filters to alter security-sensitive backend request context across routes and bypass authorization controls.
Cross-namespace impact is possible when a ReferenceGrant permits targeting the shared backend.
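An audit for the condition described above, as an added example that is not part of the advisory or of Traefik's code: it groups HTTPRoute backendRefs by backend Service:port and reports backends reached with differing backendRef filters. The function name, the sample routes and the `X-Tenant` header are constructed for illustration. It assumes input shaped like `kubectl get httproutes -A -o json` and does not evaluate route acceptance status or ReferenceGrants.

```python
import json
from collections import defaultdict

def _hdr(value):  # constructed filter: sets a constructed header, X-Tenant
    return [{"type": "RequestHeaderModifier",
             "requestHeaderModifier": {"set": [{"name": "X-Tenant", "value": value}]}}]

# Constructed sample in the shape of `kubectl get httproutes -A -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "app"},
     "spec": {"rules": [{"backendRefs": [
         {"name": "api", "port": 8080, "filters": _hdr("a")}]}]}},
    {"metadata": {"namespace": "team-b", "name": "other"},
     "spec": {"rules": [{"backendRefs": [
         {"name": "api", "namespace": "team-a", "port": 8080, "filters": _hdr("b")}]}]}},
    {"metadata": {"namespace": "team-a", "name": "static"},
     "spec": {"rules": [{"backendRefs": [{"name": "static", "port": 80}]}]}},
]}

def conflicting_backends(route_list):
    """Backends (ns, service, port) reached by backendRefs with differing filters."""
    seen = defaultdict(lambda: defaultdict(set))  # backend -> route -> filter sets
    for route in route_list.get("items", []):
        ns = route["metadata"].get("namespace", "default")
        route_id = f"{ns}/{route['metadata']['name']}"
        for rule in route.get("spec", {}).get("rules", []):
            for ref in rule.get("backendRefs", []):
                if ref.get("kind", "Service") != "Service":
                    continue
                # backendRef.namespace defaults to the route's own namespace
                key = (ref.get("namespace", ns), ref["name"], ref.get("port"))
                canon = json.dumps(ref.get("filters", []), sort_keys=True)
                seen[key][route_id].add(canon)
    findings = {}
    for key, per_route in seen.items():
        if len(set().union(*per_route.values())) > 1:
            findings[key] = {
                "routes": sorted(per_route),
                # True when a referencing route lives outside the backend's namespace
                "cross_namespace": any(r.split("/")[0] != key[0] for r in per_route),
            }
    return findings

if __name__ == "__main__":
    for backend, info in conflicting_backends(SAMPLE).items():
        print(backend, info)
```

A backend flagged with `cross_namespace` set is one to check against the ReferenceGrants in the backend's namespace.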