Summary
Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
References
Related vulnerabilities
All Supply chain →- HIGHGHSA-9R5X-WG6M-X2RC
Gitea: OAuth2 access token scope enforcement bypass via HTTP Basic authentication
- CRITICALGHSA-8FQ9-273G-6MRG
Avo: Missing Authorization in Avo Association Attach Endpoint Allows Unauthorized Relationship Manipulation and Privilege Escalation
- MEDIUMGHSA-GWXR-7H77-7777
Capsule: Incomplete fix of CVE-2026-30963: singular/plural typo leaves namespaces/finalize unprotected
- HIGHGHSA-WRR5-99H5-GQ57
Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes
- HIGHGHSA-FHX7-M96W-MV29
Gitea: API Fork Missing CanCreateOrgRepo Check Allows Org Secret Exfiltration
- MEDIUMGHSA-QWXF-2M7M-2M3X
Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join