=====================================================================
CERT-Renater Note d'Information No. 2026/VULN620
_____________________________________________________________________

DATE : 11/06/2026
HARDWARE PLATFORM(S): /
OPERATING SYSTEM(S): Systems running Traefik (Go) versions prior to 3.6.21, 3.7.5.
=====================================================================

https://github.com/traefik/traefik/security/advisories/GHSA-3g6v-2r68-prfc
_____________________________________________________________________

Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services

Severity: Moderate
emilevauge published GHSA-3g6v-2r68-prfc on Jun 11, 2026

Package: Traefik (Go)
Affected versions: <= v3.6.20, <= v3.7.4
Patched versions: v3.6.21, v3.7.5

Description

Summary

There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route's own namespace. As a result, an HTTPRoute created in a namespace that is not allow-listed can reference a cross-provider TraefikService such as api@internal, dashboard@internal or rest@internal by pointing backendRef.namespace at an allow-listed namespace covered by a Gateway API ReferenceGrant, exposing internal Traefik services on the data plane.

Exploitation requires the ability to create an accepted HTTPRoute and a matching ReferenceGrant from an allow-listed namespace; it does not require any change to Traefik static configuration, RBAC, or the deployment itself.

Patches

https://github.com/traefik/traefik/releases/tag/v3.6.21
https://github.com/traefik/traefik/releases/tag/v3.7.5

For more information

If you have any questions or comments about this advisory, please open an issue.
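Added example (not part of the CERT-Renater bulletin or of Traefik's own code): a simplified model of the flawed allowlist evaluation next to the intended one, plus an audit pass a cluster operator can run over the output of `kubectl get httproutes -A -o json` to find routes that already abuse the pattern. The sample List object, the namespace names and the allowlist are constructed here; the assumption that a cross-provider reference is a backendRef of group traefik.io, kind TraefikService with an "@provider" suffix in its name (api@internal, dashboard@internal, rest@internal) is taken from the advisory text, and the functions below are a model of the described behaviour, not Traefik's implementation.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal subset of a Gateway API HTTPRoute as returned by
// `kubectl get httproutes -A -o json`. Field names follow the real API;
// the logic in this file is a simplified model, not Traefik code.
type BackendRef struct {
	Group     string `json:"group"`
	Kind      string `json:"kind"`
	Name      string `json:"name"`
	Namespace string `json:"namespace"`
	Weight    int    `json:"weight"`
}

type HTTPRoute struct {
	Metadata struct {
		Name      string `json:"name"`
		Namespace string `json:"namespace"`
	} `json:"metadata"`
	Spec struct {
		Rules []struct {
			BackendRefs []BackendRef `json:"backendRefs"`
		} `json:"rules"`
	} `json:"spec"`
}

// Constructed sample: one route in a tenant namespace that is NOT in
// crossProviderNamespaces, mixing a plain Service with a cross-provider
// TraefikService whose backendRef.namespace points at the allow-listed
// "traefik" namespace (the advisory's pattern), and one legitimate route
// that lives in the allow-listed namespace.
const sampleList = `{"apiVersion":"v1","kind":"List","items":[
 {"metadata":{"name":"evil","namespace":"tenant-a"},
  "spec":{"rules":[{"backendRefs":[
    {"group":"","kind":"Service","name":"web","weight":1},
    {"group":"traefik.io","kind":"TraefikService","name":"api@internal","namespace":"traefik","weight":1}
  ]}]}},
 {"metadata":{"name":"dashboard","namespace":"traefik"},
  "spec":{"rules":[{"backendRefs":[
    {"group":"traefik.io","kind":"TraefikService","name":"dashboard@internal"}
  ]}]}}
]}`

func parseRoutes(data string) ([]HTTPRoute, error) {
	var list struct {
		Items []HTTPRoute `json:"items"`
	}
	if err := json.Unmarshal([]byte(data), &list); err != nil {
		return nil, err
	}
	return list.Items, nil
}

// isCrossProvider: a TraefikService backendRef whose name carries an
// "@provider" suffix resolves outside the Kubernetes provider (assumption
// derived from the advisory's examples).
func isCrossProvider(b BackendRef) bool {
	return b.Group == "traefik.io" && b.Kind == "TraefikService" && strings.Contains(b.Name, "@")
}

// vulnerableAllowed models the flawed evaluation: in a rule with several
// backendRefs (WRR) the allowlist is checked against backendRef.namespace,
// a value the route author controls, instead of the route's own namespace.
func vulnerableAllowed(r HTTPRoute, allow map[string]bool) bool {
	for _, rule := range r.Spec.Rules {
		for _, b := range rule.BackendRefs {
			if !isCrossProvider(b) {
				continue
			}
			ns := r.Metadata.Namespace
			if len(rule.BackendRefs) > 1 && b.Namespace != "" {
				ns = b.Namespace // the bug: attacker-chosen namespace decides
			}
			if !allow[ns] {
				return false
			}
		}
	}
	return true
}

// fixedAllowed is the intended semantics: only the namespace the HTTPRoute
// itself lives in decides whether cross-provider references are permitted.
func fixedAllowed(r HTTPRoute, allow map[string]bool) bool {
	for _, rule := range r.Spec.Rules {
		for _, b := range rule.BackendRefs {
			if isCrossProvider(b) && !allow[r.Metadata.Namespace] {
				return false
			}
		}
	}
	return true
}

// audit returns "namespace/name" of every route the fixed rule rejects:
// the routes an operator should review before and after upgrading.
func audit(routes []HTTPRoute, allow map[string]bool) []string {
	var flagged []string
	for _, r := range routes {
		if !fixedAllowed(r, allow) {
			flagged = append(flagged, r.Metadata.Namespace+"/"+r.Metadata.Name)
		}
	}
	return flagged
}

func main() {
	routes, err := parseRoutes(sampleList)
	if err != nil {
		panic(err)
	}
	allow := map[string]bool{"traefik": true} // crossProviderNamespaces
	for _, r := range routes {
		fmt.Printf("%s/%s vulnerable=%v fixed=%v\n", r.Metadata.Namespace, r.Metadata.Name,
			vulnerableAllowed(r, allow), fixedAllowed(r, allow))
	}
	fmt.Println("flagged:", audit(routes, allow))
}
```

Running it shows tenant-a/evil accepted by the flawed check and rejected by the fixed one; the audit flags only that route. To use the audit on a real cluster, feed the JSON from `kubectl get httproutes -A -o json` into parseRoutes and set the allowlist to the namespaces in your crossProviderNamespaces setting; also review ReferenceGrants in those namespaces, since the bypass needs one that admits the tenant's HTTPRoute.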
Severity: Moderate, 6.0 / 10 (CVSS v4)

CVSS v4 base metrics
Exploitability Metrics
  Attack Vector: Network
  Attack Complexity: Low
  Attack Requirements: Present
  Privileges Required: Low
  User Interaction: None
Vulnerable System Impact Metrics
  Confidentiality: High
  Integrity: Low
  Availability: None
Subsequent System Impact Metrics
  Confidentiality: None
  Integrity: None
  Availability: None
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

CVE ID: No known CVE

Weaknesses: CWE-284 (Improper Access Control), CWE-863 (Incorrect Authorization)

Credits: @vvvvvvvvvvel (Reporter)

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris         | email : cert@support.renater.fr +
=========================================================