CVE-2026-29777: Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
There is a potential vulnerability in Traefik’s Kubernetes Gateway provider related to rule injection.
A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik’s router rule language via unsanitized header or query parameter match values. In shared gateway deployments, this can bypass listener hostname constraints and redirect traffic for victim hostnames to attacker-controlled backends.
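A practical defensive check for the failure mode described above is to treat HTTPRoute header and query match values as untrusted input and refuse any value that could close a backtick-delimited string in the generated rule. The following Go program is an added example written for this advisory, not Traefik's own code: it audits simplified HTTPRoute match structures (the struct types are a hypothetical, trimmed-down stand-in for the Gateway API types) and builds a Header matcher only after validation. The `Header(` ... `)` rule text is assumed here to illustrate the shape of a backtick-delimited rule; the exact rule the Gateway provider emits is not stated on this page.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// HeaderMatch and QueryMatch stand in for the name/value pairs of the Gateway
// API HTTPRouteMatch. They are simplified for this example, not the real types.
type HeaderMatch struct{ Name, Value string }
type QueryMatch struct{ Name, Value string }

// RouteMatch groups the header and query matches of one HTTPRoute rule.
type RouteMatch struct {
	Headers []HeaderMatch
	Query   []QueryMatch
}

// HTTPRoute is a minimal, hypothetical view of an HTTPRoute resource.
type HTTPRoute struct {
	Namespace, Name string
	Matches         []RouteMatch
}

// ErrDelimiter is returned when a match value contains a rule-string delimiter.
var ErrDelimiter = errors.New("match value contains a rule delimiter character")

// ValidateMatchValue rejects values that could terminate a delimited string in
// the router rule and thereby introduce new rule tokens. Backticks are the
// delimiter named in the advisory; double quotes are rejected defensively too.
func ValidateMatchValue(v string) error {
	if strings.ContainsAny(v, "`\"") {
		return ErrDelimiter
	}
	return nil
}

// BuildHeaderRule renders a backtick-delimited Header matcher (assumed syntax)
// only after both operands pass validation, so no operand can escape its quotes.
func BuildHeaderRule(name, value string) (string, error) {
	for _, s := range []string{name, value} {
		if err := ValidateMatchValue(s); err != nil {
			return "", fmt.Errorf("refusing to build rule: %w", err)
		}
	}
	return fmt.Sprintf("Header(`%s`, `%s`)", name, value), nil
}

// Finding identifies one offending match by route, match kind and match name.
type Finding struct {
	Route, Kind, Name string
}

// AuditRoute returns a finding for every header or query match whose name or
// value fails validation; an empty result means the route is clean.
func AuditRoute(r HTTPRoute) []Finding {
	var out []Finding
	id := r.Namespace + "/" + r.Name
	for _, m := range r.Matches {
		for _, h := range m.Headers {
			if ValidateMatchValue(h.Name) != nil || ValidateMatchValue(h.Value) != nil {
				out = append(out, Finding{id, "header", h.Name})
			}
		}
		for _, q := range m.Query {
			if ValidateMatchValue(q.Name) != nil || ValidateMatchValue(q.Value) != nil {
				out = append(out, Finding{id, "query", q.Name})
			}
		}
	}
	return out
}

func main() {
	// Constructed sample data: one benign route and one whose header value
	// carries a stray backtick that would break out of the rule string.
	routes := []HTTPRoute{
		{Namespace: "team-a", Name: "shop", Matches: []RouteMatch{{Headers: []HeaderMatch{{"X-Tenant", "shop"}}}}},
		{Namespace: "team-b", Name: "blog", Matches: []RouteMatch{{Headers: []HeaderMatch{{"X-Tenant", "blog`injected"}}}}},
	}
	for _, r := range routes {
		for _, f := range AuditRoute(r) {
			fmt.Printf("%s: %s match %q contains a rule delimiter\n", f.Route, f.Kind, f.Name)
		}
	}
}
```

In a shared gateway, the same check belongs in a validating admission policy so a tenant's HTTPRoute is rejected before the provider ever renders a rule from it; patching Traefik fixes the rendering side, while admission validation keeps the blast radius of a delayed upgrade to the offending namespace.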