CVE-2026-29777

MEDIUM

Traefik <3.6.10 - Command Injection

Title source: llm

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends. This vulnerability is fixed in 3.6.10.

References (2)

[Release Notes] https://github.com/traefik/traefik/releases/tag/v3.6.10

[Vendor Advisory] https://github.com/traefik/traefik/security/advisories/GHSA-8q2w-wr49-whqj

Scores

CVSS v3 6.5

EPSS 0.0001

EPSS Percentile 3.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-74

Status published

Products (3)

traefik/traefik < 3.6.10

traefik/traefik 0 (2 CPE variants)Go

traefik/traefik 0 - 3.6.10Go

Published Mar 11, 2026

Tracked Since Mar 11, 2026