Lucene search
K

60 matches found

NVD
NVD
added 2026/07/06 9:16 p.m.7 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS0.00256EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.0029EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:20 p.m.2 views

CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing via untrusted X-Forwarded-Proto when trustForwardHeader=false

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score0.0029EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:20 p.m.6 views

CVE-2026-54764

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS6AI score0.0029EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/06 8:20 p.m.20 views

CVE-2026-54764

Summary of CVE-2026-54764 : Traefik’s ForwardAuth middleware can leak spoofed port information due to incorrect header handling when trustForwardHeader is false. Before fixes, the middleware derived X-Forwarded-Port from the original incoming request rather than the sanitized forwarded request, a...

6.9CVSS6AI score0.0029EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:20 p.m.47 views

CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing via untrusted X-Forwarded-Proto when trustForwardHeader=false

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.0029EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-55998

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description The ForwardAuth middleware in this HTTP reverse proxy and load balancer incorrectly derives the X-Forwarded-Port header sent to the...

6.9CVSS6AI score0.0029EPSS
Exploits0References16
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5163 Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik...

10CVSS5.8AI score0.00267EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.20 views

Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being read entirely into memory withou...

7.5CVSS7.7AI score0.00539EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/08 12:6 p.m.12 views

CVE-2026-35051

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik's ForwardAuth middleware when the trustForwardHeader setting is configured as false and Traefik is deployed behind a trusted upstream proxy. A remote attacker could...

10CVSS5.8AI score0.00267EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/05/08 12:0 p.m.13 views

CVE-2026-40912

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability allows an unauthenticated attacker to access protected content. The flaw occurs when the StripPrefixRegex middleware is used with authentication mechanisms such as ForwardAuth, BasicAuth...

8.6CVSS5.7AI score0.00767EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.7 views

SUSE CVE-2026-35051

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

10CVSS5.7AI score0.00267EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.7 views

SUSE CVE-2026-39858

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

10CVSS5.7AI score0.00479EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

10CVSS5.8AI score0.00767EPSS
Exploits4References10
NVD
NVD
added 2026/04/30 9:16 p.m.9 views

CVE-2026-35051

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

10CVSS0.00267EPSS
Exploits1References8
EUVD
EUVD
added 2026/04/30 8:38 p.m.5 views

EUVD-2026-26428

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.3AI score0.00767EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/30 8:38 p.m.4 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.3AI score0.00767EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/04/30 8:38 p.m.34 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS0.00767EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/30 8:26 p.m.51 views

CVE-2026-39858 Traefik: Forwarded alias spoofing top pre-auth decision bypass

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS0.00479EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/30 8:26 p.m.10 views

EUVD-2026-26427

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only...

7.8CVSS5.3AI score0.00479EPSS
Exploits1References4
Rows per page
Query Builder