| id: GO-2026-4880 |
| modules: |
| - module: github.com/traefik/traefik |
| vulnerable_at: 1.7.34 |
| - module: github.com/traefik/traefik/v2 |
| unsupported_versions: |
| - last_affected: 2.11.42 |
| vulnerable_at: 2.11.42 |
| - module: github.com/traefik/traefik/v3 |
| versions: |
| - fixed: 3.6.11 |
| - introduced: 3.7.0-ea.1 |
| - fixed: 3.7.0-ea.2 |
| vulnerable_at: 3.7.0-ea.1 |
| summary: Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass in github.com/traefik/traefik |
| cves: |
| - CVE-2026-32695 |
| ghsas: |
| - GHSA-67jx-r9pv-98rj |
| references: |
| - advisory: https://github.com/traefik/traefik/security/advisories/GHSA-67jx-r9pv-98rj |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-32695 |
| - fix: https://github.com/traefik/traefik/commit/11d251415a6fd935025df5a9dda898e17e3097b2 |
| - web: https://github.com/traefik/traefik/releases/tag/v3.6.11 |
| - web: https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2 |
| source: |
| id: GHSA-67jx-r9pv-98rj |
| created: 2026-03-31T13:14:58.710289-04:00 |
| review_status: UNREVIEWED |
