PT-2026-40716 · Traefik · Traefik

Published 2026-05-13 · Updated 2026-05-19 · CVE-2026-44774

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Traefik versions prior to 2.11.46
Traefik versions prior to 3.6.17
Traefik versions prior to 3.7.1
Description
Traefik's Kubernetes Gateway API provider contains an authorization bypass that lets a tenant with permission to create HTTPRoute objects expose the REST provider handler. The Gateway provider accepts any TraefikService backend reference whose name ends with @internal, so a route can be pointed at rest@internal rather than only at the intended api@internal. In a shared Gateway deployment where the REST provider is enabled, a low-privileged tenant can therefore reach the REST endpoint even though providers.rest.insecure=false is set, and gain live write access to the dynamic configuration through PUT /api/providers/rest. With that access the tenant can reconfigure routers and services that belong to other tenants, which is why the vector carries a changed scope (S:C) with high confidentiality, integrity and availability impact.
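The following Go program is an added example and is not Traefik's source or part of this advisory. It contrasts the flawed acceptance rule the description gives (any TraefikService name ending in @internal is accepted) with an explicit allow-list that admits only api@internal, and wraps the allow-list in an audit function an operator could run over the backendRefs gathered from a shared Gateway's HTTPRoute objects. The group and kind strings ("traefik.io" / "TraefikService") used to recognise a TraefikService reference are assumptions about how such references look in an HTTPRoute; the sample backendRefs are constructed for the demonstration.

```go
package main

import (
	"fmt"
	"strings"
)

// BackendRef models the fields of a Gateway API HTTPRoute backendRef that
// matter here. The group/kind values used below are assumed to be how a
// TraefikService is referenced from an HTTPRoute; confirm against the
// documentation of the Traefik version you run.
type BackendRef struct {
	Group string
	Kind  string
	Name  string
}

// isTraefikService reports whether a backendRef targets a TraefikService
// rather than a plain Kubernetes Service.
func isTraefikService(ref BackendRef) bool {
	return ref.Group == "traefik.io" && ref.Kind == "TraefikService"
}

// vulnerableAllowsInternal mirrors the flawed rule the advisory describes:
// any TraefikService name ending in "@internal" is accepted, so rest@internal
// is routed exactly like the intended api@internal. Illustrative only.
func vulnerableAllowsInternal(ref BackendRef) bool {
	return isTraefikService(ref) && strings.HasSuffix(ref.Name, "@internal")
}

// allowedInternal is an explicit allow-list of internal services the
// operator actually intends to expose through the Gateway.
var allowedInternal = map[string]bool{
	"api@internal": true,
}

// hardenedAllowsInternal accepts an internal reference only when its full
// name is on the allow-list; every other "@internal" target is rejected.
func hardenedAllowsInternal(ref BackendRef) bool {
	return isTraefikService(ref) && allowedInternal[ref.Name]
}

// AuditBackendRefs returns the names of internal references that the suffix
// check admits but the allow-list rejects, i.e. the HTTPRoute targets an
// operator of a shared Gateway needs to look at.
func AuditBackendRefs(refs []BackendRef) []string {
	var flagged []string
	for _, ref := range refs {
		if vulnerableAllowsInternal(ref) && !hardenedAllowsInternal(ref) {
			flagged = append(flagged, ref.Name)
		}
	}
	return flagged
}

func main() {
	// Constructed sample of what tenants might submit in HTTPRoute backendRefs.
	refs := []BackendRef{
		{Group: "", Kind: "Service", Name: "shop-frontend"},                  // ordinary Service, not affected
		{Group: "traefik.io", Kind: "TraefikService", Name: "api@internal"},  // intended exposure
		{Group: "traefik.io", Kind: "TraefikService", Name: "rest@internal"}, // the dangerous one
	}
	for _, name := range AuditBackendRefs(refs) {
		fmt.Printf("backendRef %q reaches a Traefik internal service that is not allow-listed\n", name)
	}
}
```

Running the program flags rest@internal and nothing else. The point of the allow-list over a suffix test is that it fails closed: an internal service the operator never thought about cannot become reachable just because its name matches a pattern.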
Recommendations
Update to version 2.11.46 (2.11.x), 3.6.17 (3.6.x) or 3.7.1 (3.7.x). Until the update is applied, note that the issue is only reachable in deployments where the REST provider is enabled and tenants are allowed to create HTTPRoute objects; review existing HTTPRoute backend references for TraefikService targets ending in @internal other than api@internal.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

CVE-2026-44774
GHSA-96QJ-4JJ5-WCJC
OPENSUSE-SU-2026:10810-1
OPENSUSE-SU-2026:10811-1

Affected Products

Traefik