Auth bypass in Traefik

CVE-2026-54765

Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik's Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different ba…

Affected products

  • Traefik — versions >= 3.7.0, < 3.7.6

Weakness classification (CWE)

References