PT-2026-36183 · Traefik · Traefik

Tamemghq

Published: 2026-04-15 · Updated: 2026-05-05

CVE-2026-41174

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
- Traefik versions prior to 2.11.43
- Traefik versions prior to 3.6.14
- Traefik versions prior to 3.7.0-rc.2

Description
An issue exists in the Kubernetes CRD provider's cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace is set to false, Traefik does not restrict middleware references nested inside a Chain middleware's spec.chain.middlewares[] list, although direct references from IngressRoute objects are correctly rejected. An actor with permission to create or update Traefik CRDs in their own namespace can bypass the isolation boundary and cause middleware objects from a different namespace to be resolved and applied.

Recommendations
- Update to version 2.11.43.
- Update to version 3.6.14.
- Update to version 3.7.0-rc.2.
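As an added defender-side check (example code written for this entry, not Traefik's own code and not part of the advisory), the script below audits Middleware objects exported from a cluster, for example with `kubectl get middlewares.traefik.io -A -o json`, and reports every Chain entry that points at a Middleware in a namespace other than the Chain's own. When the static configuration has providers.kubernetesCRD.allowCrossNamespace set to false, those entries are exactly the references the affected versions fail to reject, so a non-empty result on an unpatched version is worth investigating. The object list and the static-configuration dictionary are constructed samples; the resource names, namespaces and the kubectl command are assumptions.

```python
import json

# Constructed sample shaped like `kubectl get middlewares.traefik.io -A -o json`
# output; none of these objects come from a real cluster.
SAMPLE_MIDDLEWARE_LIST = json.loads("""
{
  "apiVersion": "v1",
  "kind": "List",
  "items": [
    {
      "apiVersion": "traefik.io/v1alpha1",
      "kind": "Middleware",
      "metadata": {"name": "tenant-chain", "namespace": "tenant-a"},
      "spec": {
        "chain": {
          "middlewares": [
            {"name": "tenant-ratelimit"},
            {"name": "platform-auth", "namespace": "platform"}
          ]
        }
      }
    },
    {
      "apiVersion": "traefik.io/v1alpha1",
      "kind": "Middleware",
      "metadata": {"name": "tenant-ratelimit", "namespace": "tenant-a"},
      "spec": {"rateLimit": {"average": 10}}
    },
    {
      "apiVersion": "traefik.io/v1alpha1",
      "kind": "Middleware",
      "metadata": {"name": "platform-auth", "namespace": "platform"},
      "spec": {"forwardAuth": {"address": "http://auth.platform.svc"}}
    }
  ]
}
""")

# Constructed static-configuration fragment (the dict form of the YAML/TOML
# `providers.kubernetesCRD.allowCrossNamespace` setting named in the advisory).
SAMPLE_STATIC_CONFIG = {"providers": {"kubernetesCRD": {"allowCrossNamespace": False}}}


def cross_namespace_chain_refs(item_list: dict) -> list[dict]:
    """Return one finding per spec.chain.middlewares[] entry whose namespace
    differs from the namespace of the Middleware that declares the chain."""
    findings = []
    for obj in item_list.get("items") or []:
        if obj.get("kind") != "Middleware":
            continue
        meta = obj.get("metadata") or {}
        own_ns = meta.get("namespace") or "default"
        chain = (obj.get("spec") or {}).get("chain") or {}
        for ref in chain.get("middlewares") or []:
            # An entry without a namespace is treated as a same-namespace reference.
            ref_ns = ref.get("namespace") or own_ns
            if ref_ns != own_ns:
                findings.append({
                    "middleware": f"{own_ns}/{meta.get('name')}",
                    "references": f"{ref_ns}/{ref.get('name')}",
                })
    return findings


def allow_cross_namespace(static_config: dict) -> bool:
    """Read providers.kubernetesCRD.allowCrossNamespace; absent is treated as false."""
    crd = (static_config.get("providers") or {}).get("kubernetesCRD") or {}
    return bool(crd.get("allowCrossNamespace", False))


def audit(item_list: dict, static_config: dict) -> list[dict]:
    """Cross-namespace chain references are only a policy violation when the
    operator has asked Traefik to enforce namespace isolation."""
    if allow_cross_namespace(static_config):
        return []
    return cross_namespace_chain_refs(item_list)


if __name__ == "__main__":
    for finding in audit(SAMPLE_MIDDLEWARE_LIST, SAMPLE_STATIC_CONFIG):
        print(f"{finding['middleware']} chains to {finding['references']} "
              "across a namespace boundary while allowCrossNamespace is false")
```

Run it against a real export by replacing SAMPLE_MIDDLEWARE_LIST with `json.load()` of the kubectl output; the chain walk is the part that matters, since an IngressRoute-level check alone would miss the nested references the advisory describes.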

Fix

Weakness Enumeration
Incorrect Authorization

Related Identifiers

BDU:2026-06477
CVE-2026-41174
GHSA-XHJW-95FP-8VGQ
OPENSUSE-SU-2026:10697-1
OPENSUSE-SU-2026:10698-1

Affected Products

Traefik