CVE-2026-29777

MEDIUM EPSS 19.4%

Published Mar 11, 20263mo ago · Modified Mar 19, 20263mo ago

6.1 CVSS 4.0

Medium

Published Mar 11, 2026 3mo ago

Last Modified Mar 19, 2026 3mo ago

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.

CVSS Details

Base Score

6.1

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

19.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-74

Affected Products 1

Vendor	Product	Version	Range
traefik	traefik	*	<3.6.10

References 2

github.com https://github.com/traefik/traefik/releases/tag/v3.6.10

Release Notes
github.com https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.