Security Intelligence
Feed

Real-time CVE tracking, exploit analysis, and vulnerability intelligence curated for security professionals.

292 New today

64,923 Total advisories

Live Monitoring

Daily Security Trends (Last 14 Days)

351

Jun 10

245

Jun 11

336

Jun 12

Jun 13

Jun 14

443

Jun 15

630

Jun 16

464

Jun 17

Jun 18

352

Jun 19

Jun 20

104

Jun 21

317

Jun 22

285

Jun 23

Critical

High

Medium

Low

Latest

CVE CVSS 5.9

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails_CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through...

CVE-2026-54762 traefik traefik >= 3.7.0-ea.1, < 3.7.5

Jun 23, 2026

Read analysis

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-54761	Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services_CVE-2026-54761 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gatew...	traefik	traefik < 3.6.21	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-54555	rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators_CVE-2026-54555 rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively spli...	rtk-ai	rtk < 0.42.2	Jun 23, 2026	CVE
HIGH 7.3	CVE-2026-54328	Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts_CVE-2026-54328 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictabl...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
LOW 2.2	CVE-2026-54327	Pi: Race condition in auth.json writes could expose stored credentials_CVE-2026-54327 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the f...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
LOW 2.5	CVE-2026-54326	Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass_CVE-2026-54326 Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not cons...	earendil-works	pi >= 0.74.0, < 0.78.1	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-54325	Pi loads project-local extensions without approval_CVE-2026-54325 Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory withou...	earendil-works	pi < 0.79.0	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-53622	Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts_CVE-2026-53622 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration ...	traefik	traefik < 3.7.3	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-48491	Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass_CVE-2026-48491 Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting pro...	traefik	traefik >= 3.7.0, < 3.7.3	Jun 23, 2026	CVE
HIGH 7.8	CVE-2026-48020	Traefik StripPrefix Route-Level Auth Bypass via Path Normalization_CVE-2026-48020 Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripP...	traefik	traefik >= 3.7.0-ea.1, < 3.7.3	Jun 23, 2026	CVE

Security IntelligenceFeed

Daily Security Trends (Last 14 Days)

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails_CVE-2026-54762

Recent Advisories

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services_CVE-2026-54761

rtk: Permission-gate bypass in rtk rewrite auto-allow via unsplit shell separators_CVE-2026-54555

Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts_CVE-2026-54328

Pi: Race condition in auth.json writes could expose stored credentials_CVE-2026-54327

Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass_CVE-2026-54326

Pi loads project-local extensions without approval_CVE-2026-54325

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts_CVE-2026-53622

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass_CVE-2026-48491

Traefik StripPrefix Route-Level Auth Bypass via Path Normalization_CVE-2026-48020

Protect Your Attack Surface with RedGem

Security Intelligence
Feed