traefik

v3.6.17 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 23d Reverse Proxies & Load Balancers

✓ No known CVEs patched

This release patches 1 known CVE

Topics

consul docker etcd go kubernetes letsencrypt

+7 more

load-balancing marathon mesos microservice proxy traefik zookeeper

ReleasePort's take

Light signal

editorial:auto 13d

Traefik v3.6.17 fixes CVE-2026-44774. Additional bugfixes address cross‑provider namespace handling for Kubernetes providers and CRD references.

Why it matters: Patch to v3.6.17 immediately to remediate CVE-2026-44774, which has a severity score of 50 (high).

AI summary

CVE-2026-44774 security vulnerability fixed.

Type	Severity	Summary	CVE
Security	Medium	CVE-2026-44774 fixed (GHSA-96qj-4jj5-wcjc) CVE-2026-44774 fixed (GHSA-96qj-4jj5-wcjc) Source: llm_adapter@2026-05-21 Confidence: low	—
Bugfix	Medium	Add CrossProviderNamespaces option for k8s/ingress, k8s/crd, k8s/gatewayapi Add CrossProviderNamespaces option for k8s/ingress, k8s/crd, k8s/gatewayapi Source: llm_adapter@2026-05-21 Confidence: high	—
Bugfix	Medium	Fix cross-provider ref check for Kubernetes CRD provider Fix cross-provider ref check for Kubernetes CRD provider Source: llm_adapter@2026-05-21 Confidence: high	—

Full changelog

Important: Please read the migration guide.

CVE fixed:

Bug fixes:

[k8s/ingress, k8s/crd, k8s/gatewayapi] Add CrossProviderNamespaces option (#13094 @rtribotte)
[k8s/crd] Fix cross-provider ref check for Kubernetes CRD provider (#13121 @rtribotte)

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track traefik

Get notified when new releases ship.

About traefik

The Cloud Native Application Proxy