Vulnerability-Lookup

CVE-2026-29777 (GCVE-0-2026-29777)

Vulnerability from cvelistv5 – Published: 2026-03-11 15:54 – Updated: 2026-03-11 17:22

Title

Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Summary

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.

Severity ?

6.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/traefik/traefik/security/advis…	x_refsource_CONFIRM
	https://github.com/traefik/traefik/releases/tag/v3.6.10	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	traefik	traefik	Affected: < 3.6.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-29777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-11T17:22:01.786277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-11T17:22:36.189Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "traefik",
          "vendor": "traefik",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik\u0027s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T15:54:17.219Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj"
        },
        {
          "name": "https://github.com/traefik/traefik/releases/tag/v3.6.10",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/traefik/traefik/releases/tag/v3.6.10"
        }
      ],
      "source": {
        "advisory": "GHSA-8q2w-wr49-whqj",
        "discovery": "UNKNOWN"
      },
      "title": "Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-29777",
    "datePublished": "2026-03-11T15:54:17.219Z",
    "dateReserved": "2026-03-04T16:26:02.898Z",
    "dateUpdated": "2026-03-11T17:22:36.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-29777\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-11T16:16:40.830\",\"lastModified\":\"2026-03-12T21:08:22.643\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik\u0027s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-74\"}]}],\"references\":[{\"url\":\"https://github.com/traefik/traefik/releases/tag/v3.6.10\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-29777\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T17:22:01.786277Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-11T17:22:25.497Z\"}}], \"cna\": {\"title\": \"Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values\", \"source\": {\"advisory\": \"GHSA-8q2w-wr49-whqj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"traefik\", \"product\": \"traefik\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.6.10\"}]}], \"references\": [{\"url\": \"https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj\", \"name\": \"https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/traefik/traefik/releases/tag/v3.6.10\", \"name\": \"https://github.com/traefik/traefik/releases/tag/v3.6.10\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik\u0027s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-74\", \"description\": \"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-11T15:54:17.219Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-29777\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-11T17:22:36.189Z\", \"dateReserved\": \"2026-03-04T16:26:02.898Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-11T15:54:17.219Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2026-AVI-0268

Vulnerability from certfr_avis - Published: 2026-03-11 - Updated: 2026-03-11

De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Traefik	Traefik	Traefik versions v3.6.x antérieures à v3.6.10
	Traefik	Traefik	Traefik versions v2.11.x antérieures à v2.11.40

References

Title

Publication Time

FKIE_CVE-2026-29777

Vulnerability from fkie_nvd - Published: 2026-03-11 16:16 - Updated: 2026-03-12 21:08

Severity ?

6.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.6.10
	security-advisories@github.com	https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik\u0027s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10."
    },
    {
      "lang": "es",
      "value": "Traefik es un proxy inverso HTTP y un balanceador de carga. Antes de la versi\u00f3n 3.6.10, un inquilino con acceso de escritura a un recurso HTTPRoute puede inyectar tokens de reglas delimitados por comillas invertidas en el lenguaje de reglas del router de Traefik a trav\u00e9s de valores de coincidencia de encabezado o par\u00e1metro de consulta no saneados. En implementaciones de pasarela compartida, esto puede eludir las restricciones de nombre de host del oyente y redirigir el tr\u00e1fico para nombres de host de v\u00edctimas a backends controlados por el atacante. Esta vulnerabilidad se corrige en la versi\u00f3n 3.6.10."
    }
  ],
  "id": "CVE-2026-29777",
  "lastModified": "2026-03-12T21:08:22.643",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "HIGH",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-03-11T16:16:40.830",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.6.10"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Undergoing Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-8Q2W-WR49-WHQJ

Vulnerability from github – Published: 2026-03-11 14:49 – Updated: 2026-03-13 13:32

Summary

Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Details

Summary

There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection.

A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends.

Patches

https://github.com/traefik/traefik/releases/tag/v3.6.10

For more information

If you have any questions or comments about this advisory, please open an issue.

Original Description hey Traefik, repo: https://github.com/traefik/traefik commit: a4a91344edcdd6276c1b766ca19ee3f0e346480f (as-of 2026-03-02) traefik's kubernetes gateway provider builds router rules by interpolating HTTPRoute match values into the traefik rule language using backtick-delimited string literals (e.g., `Header(`name`,`value`)`, `Query(`name`,`value`)`) without escaping or validation. because backtick is a delimiter in the rule language, a tenant-controlled backtick can terminate the literal and inject additional rule tokens (for example `) || HostRegexp(`.\*`) || ...`). this changes the parsed ast so that an injected OR branch is not gated by the intended `Host(...)` constraint due to operator precedence, and can result in end-to-end routing hijack (victim host routed to attacker backends). in shared gateway deployments that rely on gateway API listener hostname constraints to isolate tenants, this can enable cross-tenant routing hijack to attacker-controlled backends. ## expected vs actual expected: provider-generated rules must be injection-safe; tenant-controlled match values must not be able to change the rule parse tree beyond literal argument content, especially across listener hostname-constraint boundaries in shared gateway deployments. actual: a backtick inside a header/query match value can inject an OR branch into the generated rule, changing the ast root from `and` to `or` and enabling hostname-constraint bypass. ## severity HIGH (impact ceiling may reach the top severity tier in shared gateway threat models; end-to-end kubernetes reproduction is recommended to demonstrate cross-tenant routing impact). CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N = 8.7 cwe: CWE-74 (improper neutralization of special elements in output used by a downstream component) ## affected versions - confirmed vulnerable at: a4a91344edcdd6276c1b766ca19ee3f0e346480f (pinned commit) - release matrix: not yet confirmed (needs version mapping for gateway api provider in v3) ## affected code - `pkg/provider/kubernetes/gateway/httproute.go`: `buildHeaderRules` and `buildQueryParamRules` build `Header(`%s`,`%s`)` / `Query(`%s`,`%s`)` without escaping - `pkg/provider/kubernetes/gateway/grpcroute.go`: `buildGRPCHeaderRules` builds `Header(`%s`,`%s`)` / `HeaderRegexp(`%s`,`%s`)` without escaping - `pkg/provider/kubernetes/knative/kubernetes.go`: `buildRule` builds `Header(`%s`,`%s`)` without escaping - the generated rule string is parsed by `pkg/muxer/http/parser.go` (predicate-based rule parser) - github permalinks (pinned): - https://github.com/traefik/traefik/blob/a4a91344edcdd6276c1b766ca19ee3f0e346480f/pkg/provider/kubernetes/gateway/httproute.go#L742 - https://github.com/traefik/traefik/blob/a4a91344edcdd6276c1b766ca19ee3f0e346480f/pkg/provider/kubernetes/gateway/httproute.go#L761 ## root cause the kubernetes gateway provider formats rule strings using backticks as string delimiters:

rules = append(rules, fmt.Sprintf("Header(`%s`,`%s`)", header.Name, header.Value))
rules = append(rules, fmt.Sprintf("Query(`%s`,`%s`)", qp.Name, qp.Value))

if `header.Value` (or `qp.Value`) contains a backtick and operator tokens, it can terminate the literal and inject additional rule-language tokens, changing the parse tree. ## attacker control attacker-controlled input is the kubernetes control plane object `HTTPRoute` in a tenant namespace. the attacker controls: 1. `HTTPRoute.Spec.Rules[].Matches[].Headers[].Value` and/or `QueryParams[].Value` (string) 2. the payload content, including backticks and rule tokens ## impact in shared gateway setups, this can bypass gateway API listener hostname constraints, causing requests for victim hostnames to be routed to attacker backends. downstream effects can include credential/token capture and request forgery, depending on the workload behind the gateway. traefik's documentation frames gateway API as providing safer multi-tenant primitives via listener constraints (see https://doc.traefik.io/traefik/security/multi-tenant-kubernetes/). rule injection breaks those constraints when they are relied upon as a boundary. ## reproduction (attachment: poc.zip) attachment includes `poc.zip` with an integration PoC that: - shows canonical behavior where injection changes the parsed ast root to `or` and routes `victim.com` to the attacker handler (emits `[PROOF_MARKER]`) - shows a negative control using injection-safe quoting (`%q`) where the ast root remains `and` and routes `victim.com` to the victim handler (emits `[NC_MARKER]`) run canonical:

unzip poc.zip -d poc
cd poc
make canonical

canonical output excerpt:

[CALLSITE_HIT]
[PROOF_MARKER]

run control:

unzip poc.zip -d poc
cd poc
make control

control output excerpt:

[NC_MARKER]

## recommended fix encode rule arguments using injection-safe quoting (for example `fmt.Sprintf("Header(%q,%q)", name, value)`), or otherwise reject/escape backticks and other rule-language metacharacters before interpolation. add regression tests that include backticks and operator tokens inside header/query match values and assert they cannot change the parse tree. **fix accepted when:** tenant-controlled HTTPRoute match values cannot inject operators into the generated rule string and cannot change the resulting parsed ast structure. [[poc.zip](https://github.com/user-attachments/files/25698814/poc.zip)](https://github.com/user-attachments/files/25698814/poc.zip) [[PR_DESCRIPTION.md](https://github.com/user-attachments/files/25698815/PR_DESCRIPTION.md)](https://github.com/user-attachments/files/25698815/PR_DESCRIPTION.md) [[attack_scenario.md](https://github.com/user-attachments/files/25698816/attack_scenario.md)](https://github.com/user-attachments/files/25698816/attack_scenario.md) cheers, Oleh Konko

Severity ?

6.1 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.6.9"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.7.34"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/traefik/traefik/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.11.40"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-29777"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-74"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-11T14:49:44Z",
    "nvd_published_at": "2026-03-11T16:16:40Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThere is a potential vulnerability in Traefik\u0027s Kubernetes Gateway provider related to rule injection.\n\nA tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik\u0027s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v3.6.10\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n\u003cdetails\u003e\n\u003csummary\u003eOriginal Description\u003c/summary\u003e\n\nhey Traefik,\n\n\nrepo: https://github.com/traefik/traefik\ncommit: a4a91344edcdd6276c1b766ca19ee3f0e346480f (as-of 2026-03-02)\n\ntraefik\u0027s kubernetes gateway provider builds router rules by interpolating HTTPRoute match values into the traefik rule language using backtick-delimited string literals (e.g., `Header(`name`,`value`)`, `Query(`name`,`value`)`) without escaping or validation.\n\nbecause backtick is a delimiter in the rule language, a tenant-controlled backtick can terminate the literal and inject additional rule tokens (for example `) || HostRegexp(`.\\*`) || ...`). this changes the parsed ast so that an injected OR branch is not gated by the intended `Host(...)` constraint due to operator precedence, and can result in end-to-end routing hijack (victim host routed to attacker backends).\n\nin shared gateway deployments that rely on gateway API listener hostname constraints to isolate tenants, this can enable cross-tenant routing hijack to attacker-controlled backends.\n\n## expected vs actual\n\nexpected: provider-generated rules must be injection-safe; tenant-controlled match values must not be able to change the rule parse tree beyond literal argument content, especially across listener hostname-constraint boundaries in shared gateway deployments.\n\nactual: a backtick inside a header/query match value can inject an OR branch into the generated rule, changing the ast root from `and` to `or` and enabling hostname-constraint bypass.\n\n## severity\n\nHIGH (impact ceiling may reach the top severity tier in shared gateway threat models; end-to-end kubernetes reproduction is recommended to demonstrate cross-tenant routing impact).\n\nCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N = 8.7\n\ncwe: CWE-74 (improper neutralization of special elements in output used by a downstream component)\n\n## affected versions\n\n- confirmed vulnerable at: a4a91344edcdd6276c1b766ca19ee3f0e346480f (pinned commit)\n- release matrix: not yet confirmed (needs version mapping for gateway api provider in v3)\n\n## affected code\n\n- `pkg/provider/kubernetes/gateway/httproute.go`: `buildHeaderRules` and `buildQueryParamRules` build `Header(`%s`,`%s`)` / `Query(`%s`,`%s`)` without escaping\n- `pkg/provider/kubernetes/gateway/grpcroute.go`: `buildGRPCHeaderRules` builds `Header(`%s`,`%s`)` / `HeaderRegexp(`%s`,`%s`)` without escaping\n- `pkg/provider/kubernetes/knative/kubernetes.go`: `buildRule` builds `Header(`%s`,`%s`)` without escaping\n- the generated rule string is parsed by `pkg/muxer/http/parser.go` (predicate-based rule parser)\n- github permalinks (pinned):\n  - https://github.com/traefik/traefik/blob/a4a91344edcdd6276c1b766ca19ee3f0e346480f/pkg/provider/kubernetes/gateway/httproute.go#L742\n  - https://github.com/traefik/traefik/blob/a4a91344edcdd6276c1b766ca19ee3f0e346480f/pkg/provider/kubernetes/gateway/httproute.go#L761\n\n## root cause\n\nthe kubernetes gateway provider formats rule strings using backticks as string delimiters:\n\n```go\nrules = append(rules, fmt.Sprintf(\"Header(`%s`,`%s`)\", header.Name, header.Value))\nrules = append(rules, fmt.Sprintf(\"Query(`%s`,`%s`)\", qp.Name, qp.Value))\n```\n\nif `header.Value` (or `qp.Value`) contains a backtick and operator tokens, it can terminate the literal and inject additional rule-language tokens, changing the parse tree.\n\n## attacker control\n\nattacker-controlled input is the kubernetes control plane object `HTTPRoute` in a tenant namespace. the attacker controls:\n\n1. `HTTPRoute.Spec.Rules[].Matches[].Headers[].Value` and/or `QueryParams[].Value` (string)\n2. the payload content, including backticks and rule tokens\n\n## impact\n\nin shared gateway setups, this can bypass gateway API listener hostname constraints, causing requests for victim hostnames to be routed to attacker backends. downstream effects can include credential/token capture and request forgery, depending on the workload behind the gateway.\n\ntraefik\u0027s documentation frames gateway API as providing safer multi-tenant primitives via listener constraints (see https://doc.traefik.io/traefik/security/multi-tenant-kubernetes/). rule injection breaks those constraints when they are relied upon as a boundary.\n\n## reproduction (attachment: poc.zip)\n\nattachment includes `poc.zip` with an integration PoC that:\n\n- shows canonical behavior where injection changes the parsed ast root to `or` and routes `victim.com` to the attacker handler (emits `[PROOF_MARKER]`)\n- shows a negative control using injection-safe quoting (`%q`) where the ast root remains `and` and routes `victim.com` to the victim handler (emits `[NC_MARKER]`)\n\nrun canonical:\n\n```bash\nunzip poc.zip -d poc\ncd poc\nmake canonical\n```\n\ncanonical output excerpt:\n\n```\n[CALLSITE_HIT]\n[PROOF_MARKER]\n```\n\nrun control:\n\n```bash\nunzip poc.zip -d poc\ncd poc\nmake control\n```\n\ncontrol output excerpt:\n\n```\n[NC_MARKER]\n```\n\n## recommended fix\n\nencode rule arguments using injection-safe quoting (for example `fmt.Sprintf(\"Header(%q,%q)\", name, value)`), or otherwise reject/escape backticks and other rule-language metacharacters before interpolation. add regression tests that include backticks and operator tokens inside header/query match values and assert they cannot change the parse tree.\n\n**fix accepted when:** tenant-controlled HTTPRoute match values cannot inject operators into the generated rule string and cannot change the resulting parsed ast structure.\n\n\n[[poc.zip](https://github.com/user-attachments/files/25698814/poc.zip)](https://github.com/user-attachments/files/25698814/poc.zip)\n[[PR_DESCRIPTION.md](https://github.com/user-attachments/files/25698815/PR_DESCRIPTION.md)](https://github.com/user-attachments/files/25698815/PR_DESCRIPTION.md)\n[[attack_scenario.md](https://github.com/user-attachments/files/25698816/attack_scenario.md)](https://github.com/user-attachments/files/25698816/attack_scenario.md)\n\n\ncheers,\nOleh Konko\n\n\u003c/details\u003e",
  "id": "GHSA-8q2w-wr49-whqj",
  "modified": "2026-03-13T13:32:45Z",
  "published": "2026-03-11T14:49:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29777"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/traefik/traefik"
    },
    {
      "type": "WEB",
      "url": "https://github.com/traefik/traefik/releases/tag/v3.6.10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-29777 (GCVE-0-2026-29777)

CERTFR-2026-AVI-0268

Solutions

FKIE_CVE-2026-29777

GHSA-8Q2W-WR49-WHQJ

Summary

Patches

For more information

Tags

Sightings

Nomenclature