Incorrect authorization in Traefik - #VU137268
Published: July 9, 2026
Traefik
Detailed vulnerability description
The vulnerability allows a remote user to cause Traefik to use unauthorized cross-provider backend transport settings.
The vulnerability exists due to improper access control in the Kubernetes CRD provider IngressRouteTCP service serversTransport reference handling when processing cross-provider serversTransport references. A remote user can set a crafted serversTransport reference such as foo@file to cause Traefik to use unauthorized cross-provider backend transport settings.
This can cause Traefik to apply operator-defined backend mTLS client certificates, SPIFFE identity, or PROXY protocol settings from a file-provider TCPServersTransport that the namespace should not be allowed to reference.