FIND-20260404-016 · 2026-04-04 · Innovation Veille

Traefik CVE-2026-32695 — Knative Ingress Rule Injection (MEDIUM 6.3)

cve MEDIUM
CVE-2026-32695 affects the Traefik Kubernetes Knative, Ingress and Ingress-NGINX providers. User-controlled values are interpolated into backtick-delimited router rule expressions without escaping, which allows rule injection and host restriction bypass. CVSS 4.0 score: 6.3. Exploitation requires existing cluster privileges. Fixed in Traefik >= 3.6.11. ODS is already on 3.6.12, which includes the patch, so no immediate action is required.
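
The unescaped interpolation described above, as an added Go example that is not Traefik's code or its patch: a backtick inside the value closes the rule's string literal early, and validating the value as a hostname before building the rule prevents that. The function names, the hostname policy and the sample values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// unsafeHostRule reproduces the flawed pattern: the value is dropped between
// backticks as-is, so a backtick inside it ends the string literal early.
func unsafeHostRule(host string) string {
	return fmt.Sprintf("Host(`%s`)", host)
}

// hostnameRE (assumed policy) allows DNS labels with an optional leading "*.".
var hostnameRE = regexp.MustCompile(
	`^(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$`)

// safeHostRule validates before interpolating and refuses anything that is
// not a plain hostname, which excludes backticks, parentheses and operators.
func safeHostRule(host string) (string, error) {
	if len(host) > 253 || !hostnameRE.MatchString(host) {
		return "", fmt.Errorf("rejected host value %q", host)
	}
	return fmt.Sprintf("Host(`%s`)", host), nil
}

// auditHosts returns the values that would be rejected, for reviewing host
// fields collected from existing Ingress objects.
func auditHosts(hosts []string) []string {
	var flagged []string
	for _, h := range hosts {
		if _, err := safeHostRule(h); err != nil {
			flagged = append(flagged, h)
		}
	}
	return flagged
}

func main() {
	// Constructed sample values, not taken from the advisory.
	hosts := []string{"app.example.test", "*.example.test",
		"app.example.test`) || Host(`other.example.test"}
	for _, h := range hosts {
		fmt.Println("unsafe:", unsafeHostRule(h))
	}
	fmt.Println("flagged:", auditHosts(hosts))
}
```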

Source

https://advisories.gitlab.com/pkg/golang/github.com/traefik/traefik/v3/CVE-2026-32695/

ODS Impact

The ODS API Gateway uses Traefik as its reverse proxy. ODS does not use Knative, which reduces exploitability. The current deployment (3.6.12) is patched. Verify that Traefik is on 3.6.12 on srv-staging.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

traefik cve kubernetes ingress api-gateway