Traefik · Traefik · CVE-2026-41174
**Name of the Vulnerable Software and Affected Versions**
Traefik versions prior to 2.11.43
Traefik versions prior to 3.6.14
Traefik versions prior to 3.7.0-rc.2
**Description**
An issue exists in the Kubernetes CRD provider cross-namespace isolation enforcement. When `providers.kubernetesCRD.allowCrossNamespace` is set to `false`, the system fails to restrict middleware references nested within a Chain middleware's `spec.chain.middlewares[]` list, although direct references from IngressRoute objects are correctly rejected. An actor with permissions to create or update Traefik CRDs in their own namespace can bypass the isolation boundary to resolve and apply middleware objects from a different namespace.
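To find Chain middlewares that rely on this gap, the following added example (not part of the advisory or of Traefik's code) flags every `spec.chain.middlewares[]` entry whose namespace differs from that of the Chain listing it. It takes input shaped like `kubectl get middlewares -A -o json`; the sample objects and the names `tenant-a`, `platform`, `admin-auth` and `cross_namespace_chain_refs` are constructed for illustration, and an entry without a `namespace` field is assumed to resolve to the Chain's own namespace.

```python
import json

# Constructed sample, shaped like `kubectl get middlewares -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"kind": "Middleware",
   "metadata": {"name": "tenant-chain", "namespace": "tenant-a"},
   "spec": {"chain": {"middlewares": [
       {"name": "local-headers"},
       {"name": "admin-auth", "namespace": "platform"}]}}},
  {"kind": "Middleware",
   "metadata": {"name": "local-headers", "namespace": "tenant-a"},
   "spec": {"headers": {"frameDeny": true}}},
  {"kind": "Middleware",
   "metadata": {"name": "same-ns-chain", "namespace": "tenant-b"},
   "spec": {"chain": {"middlewares": [
       {"name": "ratelimit", "namespace": "tenant-b"}]}}}
]}
""")


def cross_namespace_chain_refs(middleware_list):
    """Return (owner_ns, chain_name, ref_ns, ref_name) for every Chain entry
    whose namespace differs from the namespace of the Chain that lists it."""
    findings = []
    for item in middleware_list.get("items", []):
        meta = item.get("metadata", {})
        owner_ns = meta.get("namespace", "default")
        # Non-chain middlewares have no spec.chain and are skipped.
        chain = (item.get("spec") or {}).get("chain") or {}
        for ref in chain.get("middlewares") or []:
            # Assumption: an omitted namespace means the Chain's own namespace.
            ref_ns = ref.get("namespace") or owner_ns
            if ref_ns != owner_ns:
                findings.append(
                    (owner_ns, meta.get("name"), ref_ns, ref.get("name")))
    return findings


if __name__ == "__main__":
    for owner_ns, chain, ref_ns, ref in cross_namespace_chain_refs(SAMPLE):
        print(f"{owner_ns}/{chain} references {ref_ns}/{ref}")
```

With `allowCrossNamespace` set to `false`, any finding is a reference the configuration was meant to reject and is worth reviewing both before and after the update.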
**Recommendations**
Update to version 2.11.43.
Update to version 3.6.14.
Update to version 3.7.0-rc.2.