Security Flaw in Traefik Load Balancer Affects HTTPRoute Configurations
CVE-2026-54765
6.3MEDIUM
What is CVE-2026-54765?
Traefik, the open-source HTTP reverse proxy and load balancer, has a vulnerability that allows the misconfiguration of accepted HTTPRoutes targeting the same backend. This issue emerges when different backendRef filters are configured for routes that share the same backend Service:port. As a result, the filter context from one route can incorrectly affect requests from another route, especially in environments where security-sensitive headers are utilized. This flaw potentially allows an attacker to manipulate headers and access unauthorized resources, especially when ReferenceGrants for cross-namespace targeting are enabled. The vulnerability is addressed in Traefik version v3.7.6.
Affected Version(s)
traefik >= 3.7.0, < 3.7.6
