FIND-20260402-009 · 2026-04-02 · Innovation Veille
CVE-2026-32695: Traefik Knative Ingress Rule Injection — host restriction bypass (MEDIUM, patched 3.6.11)
cve
MEDIUM
MEDIUM (CVSS 6.3) vulnerability in Traefik's Kubernetes Knative provider. User-controlled values in Knative rules[].hosts[] are interpolated into backtick-delimited Traefik router rule expressions without escaping. A user with existing cluster privileges can therefore inject a backtick-terminated value (e.g. tenant.example.com) || Host(attacker.com)) that closes the intended string literal and appends further matchers, bypassing host routing constraints and enabling cross-tenant traffic redirection. Fixed in Traefik 3.6.11. ODS runs 3.6.12, so the patch is in place. ODS does not use Knative (it uses standard Kubernetes ingress), further reducing exposure.
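Added illustration of the defect class and of the defensive check a provider should apply; this is example code written for this finding, not Traefik's own implementation, and it assumes a simplified rule-string builder. It places the unescaped interpolation beside a builder that allow-lists each host as a DNS hostname before it ever reaches the rule, and a small audit helper that counts Host() matchers in a rendered rule.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// hostnameRe is a strict allow-list for a DNS hostname (RFC 1123 labels joined by dots).
// Anything outside this set, including the backtick that closes a Traefik rule literal,
// is rejected before interpolation. Assumed pattern for this example; wildcard hosts
// such as *.example.com would need their own explicit handling.
var hostnameRe = regexp.MustCompile(`^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`)

var errBadHost = errors.New("host contains characters not allowed in a DNS hostname")

// UnsafeHostRule reproduces the defect class: hosts are interpolated directly into
// backtick-delimited Host() matchers. A value containing a backtick terminates the
// literal early and extends the rule with matchers the operator never configured.
func UnsafeHostRule(hosts []string) string {
	parts := make([]string, 0, len(hosts))
	for _, h := range hosts {
		parts = append(parts, fmt.Sprintf("Host(`%s`)", h))
	}
	return strings.Join(parts, " || ")
}

// SafeHostRule validates every host against the allow-list and refuses to build a
// rule if any entry fails, so a backtick can never be interpolated.
func SafeHostRule(hosts []string) (string, error) {
	parts := make([]string, 0, len(hosts))
	for _, h := range hosts {
		h = strings.ToLower(strings.TrimSpace(h))
		if len(h) > 253 || !hostnameRe.MatchString(h) {
			return "", fmt.Errorf("%w: %q", errBadHost, h)
		}
		parts = append(parts, fmt.Sprintf("Host(`%s`)", h))
	}
	return strings.Join(parts, " || "), nil
}

// CountHostMatchers is a cheap audit check over a rendered rule: the number of Host()
// matchers must equal the number of configured hosts, otherwise something was injected.
func CountHostMatchers(rule string) int {
	return strings.Count(rule, "Host(`")
}

func main() {
	// Constructed sample input: the second entry has the injection shape the advisory describes.
	hosts := []string{"tenant.example.com", "evil.example`) || Host(`attacker.example"}
	fmt.Println(UnsafeHostRule(hosts), "matchers:", CountHostMatchers(UnsafeHostRule(hosts)))
	if _, err := SafeHostRule(hosts); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Two configured hosts render as three Host() matchers in the unsafe rule, which is the condition the audit helper flags; the validating builder rejects the same input outright.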
Source
https://advisories.gitlab.com/pkg/golang/github.com/traefik/traefik/v3/CVE-2026-32695/
ODS Impact
ODS uses Traefik as its API Gateway without Knative. This vulnerability requires the Knative provider to be enabled, which is not part of the ODS infrastructure, so exposure is minimal. The current 3.6.12 deployment already carries the fix. No action required.
Security Review
License: N/A (CVE) | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE
Tags
cve
traefik
medium
knative
host-bypass
patched
multi-tenant