What is CVE-2026-41174?

CVE-2026-41174 is a medium-severity vulnerability in Traefik, classified under CWE-653. CVSS score: 6.4/10. Published 2026-04-30.

How severe is CVE-2026-41174?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Auth bypass in Traefik

CVE-2026-41174

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetes…

EPSS: 0.000 (2.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Traefik — versions 3.7.0, < 2.11.43, >= 3.7.0-ea.1, < 3.7.0-rc.2

Weakness classification (CWE)

References

https://github.com/traefik/traefik/security/advisories/GHSA-xhjw-95fp-8vgq (x_refsource_CONFIRM, Exploit, Patch, Vendor Advisory)
https://github.com/traefik/traefik/commit/df00d82fc7f12e07199551832b54de6d0e55414d (Patch, x_refsource_MISC)
https://github.com/traefik/traefik/releases/tag/v2.11.43 (Product, x_refsource_MISC, Release Notes)
https://github.com/traefik/traefik/releases/tag/v3.6.14 (Product, x_refsource_MISC, Release Notes)
https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2 (Product, x_refsource_MISC, Release Notes)

Frequently asked questions

What is CVE-2026-41174?: CVE-2026-41174 is a medium-severity vulnerability in Traefik, classified under CWE-653. CVSS score: 6.4/10. Published 2026-04-30.
How severe is CVE-2026-41174?: Medium severity. CVSS v3 base score is 6.4 out of 10.