Traefik, Cross-Namespace Isolation Bypass (Medium)

Listen to this Post

How the vulnerability works:

Traefik’s Kubernetes CRD provider enforces namespace isolation via providers.kubernetesCRD.allowCrossNamespace=false. Direct middleware references from `IngressRoute.routes[].middlewares[]` are validated in `kubernetes_http.go` → makeMiddlewareKeys(), which blocks cross-namespace access. However, a different code path handles nested middleware inside a `Chain` middleware (spec.chain.middlewares[]). The function `createChainMiddleware()` in `kubernetes.go` does not check allowCrossNamespace. It resolves `mi.Namespace` (defaulting to current namespace) and builds the chain unconditionally. At runtime, `middlewares.go` loads all chained middleware, including those from other namespaces. Thus, a local `Chain` can reference a middleware from another namespace via `namespace` field, bypassing the global restriction. An attacker with CRUD permissions on Traefik CRDs in their own namespace (e.g., default) can create a `Chain` that pulls a middleware from a victim namespace (e.g., cross-ns). When an `IngressRoute` uses that Chain, Traefik applies the cross-namespace middleware. This bypasses the documented isolation boundary. The exploit uses only legitimate API fields; no other privileges are needed. Patches exist in commits and releases.

dailycve form:

Platform: Kubernetes CRD provider
Version: <v2.11.43,<v3.6.14
Vulnerability: Chain middleware isolation bypass
Severity: Medium
date: 2026-04-24

Prediction: Already patched versions

What Undercode Say:

Test isolation bypass
kubectl create ns cross-ns
kubectl apply -f - <<EOF
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: victim-strip
namespace: cross-ns
spec:
stripPrefix:
prefixes: ["/secret"]
EOF
kubectl create ns default
kubectl apply -f - <<EOF
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: mychain
namespace: default
spec:
chain:
middlewares:
- name: victim-strip
namespace: cross-ns
EOF
kubectl apply -f - <<EOF
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: demo
namespace: default
spec:
entryPoints: [bash]
routes:
- match: Host(\`example.test\`) && PathPrefix(\`/demo\`)
kind: Rule
middlewares: [name: mychain]
services: [{name: whoami, port: 80}]
EOF
Traefik logs show resolved chain including cross-ns middleware

Exploit:

Create a local `Chain` middleware that references `spec.chain.middlewares[].namespace` pointing to a victim namespace. Deploy any `IngressRoute` that uses that Chain. Traefik loads and applies the victim’s middleware (e.g., stripPrefix, auth, header modification) to the attacker’s route, bypassing allowCrossNamespace=false.

Protection from this CVE:

Upgrade to Traefik v2.11.43, v3.6.14, or v3.7.0-rc.2+. If patching is not possible, avoid using `Chain` middlewares in multi‑tenant clusters, or audit all `Middleware` resources for cross‑namespace `namespace` fields. Restrict RBAC for creating/updating Traefik CRDs to trusted namespaces only.

Impact:

Unauthorized reuse of security‑sensitive middleware (e.g., authentication, request modification, rate limiting) across namespace boundaries. Breaks documented isolation, allowing a low‑privileged actor in one namespace to influence traffic handling defined in another namespace. No remote code execution or direct data leak, but policy bypass can lead to further attacks.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top