Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities

Published 04 Jun 2026 | Reported by Tenable | Type: nessus | Source: www.tenable.com

Traefik versions prior to 2.11.38, and 3.x versions prior to 3.6.9, are affected by two denial-of-service flaws: the ForwardAuth middleware reads the authentication server's response body entirely into memory with no size limit, so an oversized body exhausts memory (CVE-2026-26998); and TCP routers clear the read deadline before the TLS handshake has completed, so a client that sends incomplete TLS records leaves the connection, its file descriptor and its goroutine hanging (CVE-2026-26999).
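The ForwardAuth flaw described above, as an added example in Go that is not Traefik's code or its patch: a read that buffers the whole auth-server body beside a capped read that fails closed. The 64 KiB cap, the helper names, the countingBody wrapper and the constructed 8 MiB response are assumptions for the demonstration; the page does not state what limit the fixed versions apply.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// ErrAuthBodyTooLarge is returned when the auth server's body exceeds the cap.
var ErrAuthBodyTooLarge = errors.New("forwardauth: response body exceeds size limit")

// readAuthBodyUnbounded mirrors the pattern the advisory describes: the whole
// response body from the authentication server is buffered in memory, so an
// auth server that streams an endless body drives the proxy out of memory.
func readAuthBodyUnbounded(resp *http.Response) ([]byte, error) {
	defer resp.Body.Close()
	return io.ReadAll(resp.Body)
}

// readAuthBodyBounded pulls at most maxBytes+1 bytes (just enough to detect an
// overrun) and fails closed: an oversized body is an auth error, not data to
// buffer. The cap is an assumed value; the page does not state Traefik's limit.
func readAuthBodyBounded(resp *http.Response, maxBytes int64) ([]byte, error) {
	defer resp.Body.Close()
	body, err := io.ReadAll(io.LimitReader(resp.Body, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > maxBytes {
		return nil, ErrAuthBodyTooLarge
	}
	return body, nil
}

// countingBody wraps a body and records how many bytes were actually pulled
// from the auth server, which is what decides whether memory grows.
type countingBody struct {
	io.Reader
	pulled int64
}

func (c *countingBody) Read(p []byte) (int, error) {
	n, err := c.Reader.Read(p)
	c.pulled += int64(n)
	return n, err
}

func (c *countingBody) Close() error { return nil }

// fakeAuthResponse is a constructed reply from a hostile auth server whose
// body is n bytes of "A".
func fakeAuthResponse(n int) (*http.Response, *countingBody) {
	body := &countingBody{Reader: strings.NewReader(strings.Repeat("A", n))}
	return &http.Response{StatusCode: http.StatusOK, Body: body}, body
}

func main() {
	const limit = 64 << 10  // assumed 64 KiB cap
	const hostile = 8 << 20 // 8 MiB body from the auth server

	resp, cb := fakeAuthResponse(hostile)
	buf, _ := readAuthBodyUnbounded(resp)
	fmt.Printf("unbounded: buffered %d bytes, pulled %d\n", len(buf), cb.pulled)

	resp, cb = fakeAuthResponse(hostile)
	_, err := readAuthBodyBounded(resp, limit)
	fmt.Printf("bounded:   %v, pulled %d\n", err, cb.pulled)

	resp, _ = fakeAuthResponse(12)
	body, err := readAuthBodyBounded(resp, limit)
	fmt.Printf("bounded small body: %q err=%v\n", body, err)
}
```

The unbounded variant pulls and buffers all 8 MiB; the bounded one stops after reading one byte past the cap, returns ErrAuthBodyTooLarge, and never grows beyond the cap no matter how much the auth server sends. A body exactly at the cap is still accepted.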

Related

Reporter (family) | Title | Published
IBM Security Bulletins (ibm) | Security Bulletin: Multiple Vulnerabilities in watsonx.data | 22 Jun 2026 14:33
ATTACKERKB (attackerkb) | CVE-2026-26999 | 5 Mar 2026 16:15
ATTACKERKB (attackerkb) | CVE-2026-26998 | 5 Mar 2026 16:15
AlpineLinux (alpinelinux) | CVE-2026-26998 | 5 Mar 2026 16:15
AlpineLinux (alpinelinux) | CVE-2026-26999 | 5 Mar 2026 16:15
Chainguard (cgr) | CVE-2026-26998 vulnerabilities | 11 Apr 2026 14:18
Chainguard (cgr) | CVE-2026-26999 vulnerabilities | 11 Apr 2026 14:18
Circl (circl) | CVE-2026-26998 | 4 Mar 2026 13:09
Circl (circl) | CVE-2026-26999 | 4 Mar 2026 13:10
CNNVD (cnnvd) | Traefik resource management error vulnerability | 5 Mar 2026 00:00

Code
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(318671);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/09");

  script_cve_id("CVE-2026-26998", "CVE-2026-26999");
  script_xref(name:"IAVB", value:"2026-B-0059");

  script_name(english:"Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote macOS host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is,
therefore, affected by multiple vulnerabilities:

  - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being
    read entirely into memory without any size limit. An authenticated, remote attacker can exploit this to
    cause a denial of service via an out-of-memory condition. (CVE-2026-26998)

  - A flaw exists in TLS handshake handling on TCP routers due to the read deadline being cleared before the
    TLS handshake is completed. An unauthenticated, remote attacker can exploit this, via incomplete TLS
    records, to cause a denial of service by exhausting file descriptors and goroutines. (CVE-2026-26999)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported
version number.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/traefik/traefik/releases/tag/v2.11.38");
  script_set_attribute(attribute:"see_also", value:"https://github.com/traefik/traefik/releases/tag/v3.6.9");
  # https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2fa3c9b");
  # https://github.com/traefik/traefik/security/advisories/GHSA-xw98-5q62-jx94
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?86c06abc");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Traefik version 2.11.38, 3.6.9, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-26999");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:traefik:traefik");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macos_traefik_installed.nbin");
  script_require_keys("Host/local_checks_enabled", "installed_sw/traefik");

  exit(0);
}

include('vdf.inc');

# @tvdl-content
var vuln_data = {
  'metadata': {'spec_version': '1.0'},
  'requires': [
    {
      'scope': 'target',
      'match': {'os': 'macos'}
    }
  ],
  'checks': [
    {
      'product': {'name': 'traefik', 'type': 'app'},
      'check_algorithm': 'default',
      'constraints': [
        {'fixed_version': '2.11.38'},
        {'min_version': '3.0.0', 'fixed_version': '3.6.9'}
      ]
    }
  ]
};

var vdf_result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:vdf_result);
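The TLS handshake flaw on TCP routers from the plugin description above, as an added example in Go that is not Traefik's code or its patch: the vulnerable variant clears the read deadline before tls.Server(...).Handshake(), the hardened variant keeps a deadline until the handshake has completed and closes the connection on failure. The in-memory net.Pipe, the five-byte partial record, the 100 ms timeout, the function names and the self-signed certificate are all constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"os"
	"time"
)

// handshakeVulnerable mirrors the TCP-router flaw: the read deadline is cleared
// before the handshake, so an incomplete TLS record parks this goroutine and its fd forever.
func handshakeVulnerable(raw net.Conn, cfg *tls.Config) error {
	_ = raw.SetReadDeadline(time.Time{}) // cleared too early
	return tls.Server(raw, cfg).Handshake()
}

// handshakeHardened keeps a deadline on the raw connection until the handshake
// completes, closes it on failure (releasing the fd), and only then clears the deadline.
func handshakeHardened(raw net.Conn, cfg *tls.Config, timeout time.Duration) (*tls.Conn, error) {
	if err := raw.SetReadDeadline(time.Now().Add(timeout)); err != nil {
		return nil, err
	}
	tc := tls.Server(raw, cfg)
	if err := tc.Handshake(); err != nil {
		raw.Close()
		return nil, err
	}
	return tc, raw.SetReadDeadline(time.Time{})
}

// partialClientHello is a constructed record header announcing a 512-byte
// handshake message whose body never arrives.
var partialClientHello = []byte{0x16, 0x03, 0x01, 0x02, 0x00}

// simulateStalledClient sends partialClientHello to the server over an in-memory
// pipe and reports whether the server was still blocked after 500 ms, and
// whether it instead failed with a deadline error.
func simulateStalledClient(hardened bool, cfg *tls.Config) (hung, timedOut bool) {
	server, client := net.Pipe()
	defer client.Close()
	defer server.Close() // unblocks a hung vulnerable server once we stop waiting
	go client.Write(partialClientHello)
	done := make(chan error, 1)
	go func() {
		if hardened {
			_, err := handshakeHardened(server, cfg, 100*time.Millisecond)
			done <- err
		} else {
			done <- handshakeVulnerable(server, cfg)
		}
	}()
	select {
	case err := <-done:
		return false, errors.Is(err, os.ErrDeadlineExceeded)
	case <-time.After(500 * time.Millisecond):
		return true, false
	}
}

// honestClientHandshake runs a full handshake against the hardened server
// to show that a legitimate client is unaffected by the deadline.
func honestClientHandshake(cfg *tls.Config) error {
	server, client := net.Pipe()
	defer client.Close()
	defer server.Close()
	clientErr := make(chan error, 1)
	go func() { // demo-only client: certificate verification skipped
		clientErr <- tls.Client(client, &tls.Config{InsecureSkipVerify: true}).Handshake()
	}()
	if _, err := handshakeHardened(server, cfg, 2*time.Second); err != nil {
		return err
	}
	return <-clientErr
}

// selfSignedConfig builds a throwaway ECDSA certificate; session tickets are
// disabled so the server writes nothing to the pipe after the handshake.
func selfSignedConfig() (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		SessionTicketsDisabled: true}, nil
}

func main() {
	cfg, err := selfSignedConfig()
	if err != nil {
		panic(err)
	}
	hung, _ := simulateStalledClient(false, cfg)
	fmt.Println("vulnerable server still blocked after 500 ms:", hung)
	hung, timedOut := simulateStalledClient(true, cfg)
	fmt.Println("hardened server blocked:", hung, "deadline error:", timedOut)
	fmt.Println("hardened server vs honest client, err =", honestClientHandshake(cfg))
}
```

The vulnerable server is still blocked after 500 ms with only five bytes received, which is the per-connection descriptor and goroutine the advisory says an attacker can exhaust; the hardened server returns a deadline error after about 100 ms and has already closed the connection, while the honest client completes its handshake normally. Against real sockets the timeout arrives wrapped in a *net.OpError, which errors.Is(err, os.ErrDeadlineExceeded) still matches.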

Scores (as of 09 Jun 2026): Vulners AI Score 7.7 (High risk) | CVSS 3.1: 7.5 | EPSS: 0.00539