CVE-2026-44774 · CRITICAL 9.9 · EPSS p35.2%

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the providers.rest.insecure=false setting. The Gateway provider accepts any TraefikService backend reference whose name ends with @internal, making it possible to route traffic to rest@internal in addition to the intended api@internal. In shared Gateway deployments where the REST provider is enabled, this allows a low-privileged actor to gain live dynamic configuration write access to Traefik, enabling unauthorized reconfiguration of routers and services. This vulnerability is fixed in 2.11.46, 3.6.17, and 3.7.1.
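
To find routes that rely on the behaviour described above before or after upgrading, the following added example (not code from Traefik or from the advisory) audits HTTPRoute objects for TraefikService backend references ending in @internal other than api@internal. The sample routes, namespaces and the ALLOWED_INTERNAL allow-list are constructed assumptions; only rule-level backendRefs are inspected.

```python
import json
import sys

# Assumption: api@internal is the only internal service a route may reference,
# since the description names it as the intended target.
ALLOWED_INTERNAL = frozenset({"api@internal"})

def route(ns, name, *refs):
    """Build a minimal HTTPRoute dict (helper for the constructed sample only)."""
    return {"metadata": {"namespace": ns, "name": name},
            "spec": {"rules": [{"backendRefs": list(refs)}]}}

# Constructed sample, shaped like `kubectl get httproutes -A -o json` output.
SAMPLE = {"items": [
    route("team-a", "shop", {"name": "shop-svc", "port": 8080}),
    route("infra", "dashboard",
          {"group": "traefik.io", "kind": "TraefikService", "name": "api@internal"}),
    route("team-b", "cfg",
          {"group": "traefik.io", "kind": "TraefikService", "name": "rest@internal"}),
]}

def internal_backend_findings(route_list, allowed=ALLOWED_INTERNAL):
    """Return (namespace, route, backend) for every TraefikService backendRef
    whose name ends in @internal and is not in the allow-list."""
    findings = []
    for item in route_list.get("items", []):
        meta = item.get("metadata", {})
        for rule in item.get("spec", {}).get("rules") or []:
            for ref in rule.get("backendRefs") or []:
                name = ref.get("name", "")
                if (ref.get("kind") == "TraefikService"
                        and name.endswith("@internal")
                        and name not in allowed):
                    findings.append(
                        (meta.get("namespace", "default"), meta.get("name"), name))
    return findings

if __name__ == "__main__":
    # With a file argument, audit exported routes; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            data = json.load(fh)
    else:
        data = SAMPLE
    for ns, name, backend in internal_backend_findings(data):
        print(f"{ns}/{name}: backendRef -> {backend}")
```

A finding means a route depends on an internal handler other than the dashboard API and should be reviewed together with who holds HTTPRoute create permissions in that namespace.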

Scoring

CVSS 3.1: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.44% probability of exploitation · percentile 35.2% · 2026-06-18T12:00:27Z
Published: 2026-05-15
Last modified: 2026-05-19

Underlying weaknesses · 1

CWE-284

References

  1. https://github.com/traefik/traefik/releases/tag/v2.11.46
  2. https://github.com/traefik/traefik/releases/tag/v3.6.17
  3. https://github.com/traefik/traefik/releases/tag/v3.7.1
  4. https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc

Type: Weakness · Target: Improper Access Control (cwe-284) · Confidence: 0% · Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-40912
CVE-2026-35051
CVE-2026-33433
CVE-2025-47952
CVE-2025-32431
CVE-2026-39858

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.