Lucene search
K

45 matches found

Cvelist
Cvelist
added 6 days ago38 views

CVE-2026-54763 Traefik: headerField underscore-variant identity spoofing in BasicAuth / DigestAuth / ForwardAuth

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS0.00256EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

7.8CVSS6AI score0.00256EPSS
Exploits0References4Affected Software1
CVE
CVE
added 6 days ago36 views

CVE-2026-54763

Traefik (HTTP reverse proxy/load balancer) before versions v2.11.51, v3.6.22, and v3.7.6 allows underscore-variant identity spoofing via BasicAuth, DigestAuth, and ForwardAuth middlewares. These middlewares strip canonical header names but don’t account for underscore-variant headers, letting an ...

10CVSS6AI score0.00256EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56011

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...

10CVSS5.9AI score0.00256EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/06/25 6:38 p.m.5 views

CVE-2026-52845

A flaw was found in Caddy, an extensible server platform. A remote attacker can exploit a vulnerability in the forwardauth copyheaders functionality. This occurs because Caddy normalizes HTTP headers into Common Gateway Interface CGI variables by replacing hyphens with underscores, allowing a...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References4
OSV
OSV
added 2026/06/23 6:18 p.m.4 views

DEBIAN-CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References1
CVE
CVE
added 2026/06/23 5:52 p.m.16 views

CVE-2026-52845

Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/23 5:52 p.m.3 views

CVE-2026-52845 Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/23 5:52 p.m.10 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50879

Name of the Vulnerable Software and Affected Versions Apache APISIX versions 2.12.0 through 3.16.0 Description Improper Input Validation in the forward-auth plugin allows an attacker to spoof identity headers by leveraging specific configurations. Recommendations Upgrade to version 3.17.0...

8.8CVSS5.9AI score0.00403EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.9 views

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Summary forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with . This lets a client send an underscor...

8.1CVSS5.5AI score0.00246EPSS
Exploits1References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-50161

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description An issue exists where forward auth copy headers deletes client-supplied identity headers before copying trusted values from an authentication gateway. However, when requests are processed via php...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References6
FreeBSD
FreeBSD
added 2026/06/08 12:0 a.m.75 views

caddy -- multiple vulnerabilities

Caddy project reports: Caddy 2.11.4 contains multiple security fixes. GitHub Security Advisory GHSA-qrp7-cvwr-j2c6 reports: Windows-encoded backslashes in request paths could bypass path-scoped authorization rules before files are served by fileserver. GitHub Security Advisory GHSA-f59h-q822-g45g...

8.1CVSS5.2AI score0.00409EPSS
Exploits3References4
Veracode
Veracode
added 2026/05/14 5:48 p.m.11 views

Authentication Bypass

Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...

10CVSS5.8AI score0.00267EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2026/04/30 9:16 p.m.5 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.6CVSS0.00767EPSS
Exploits1References8
AlpineLinux
AlpineLinux
added 2026/04/30 8:38 p.m.10 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References4
CVE
CVE
added 2026/04/30 8:38 p.m.30 views

CVE-2026-40912

CVE-2026-40912 affects Traefik’s StripPrefixRegex middleware used with ForwardAuth, BasicAuth, or DigestAuth. The vulnerability arises because the middleware matches a decoded URL path against a regex but uses that length to slice the percent-encoded RawPath, which can produce a dot-segment (e.g....

8.6CVSS5.3AI score0.00767EPSS
Exploits1References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:26 p.m.3 views

CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS5.3AI score0.00479EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/24 4:37 p.m.3 views

GHSA-6JWX-7VP4-9847 Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync

Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...

8.2CVSS5.8AI score0.00767EPSS
Exploits1References6
Snyk
Snyk
added 2026/04/24 4:37 p.m.3 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
Rows per page
Query Builder