52 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...
Allocation of Resources Without Limits or Throttling
Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...
CVE-2026-26998 Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS)
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...
CVE-2026-26998
CVE-2026-26998 (Traefik) : Affects Traefik versions prior to 2.11.38 and 3.6.9 where ForwardAuth middleware reads the authentication server response body without a size limit. An unbounded/large response can cause unbounded memory growth, leading to an out-of-memory condition and denial of servic...
Traefik 安全漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.38 and 3.6.9 have security vulnerabilities. These vulnerabilities stem from the ForwardAuth middleware, which processes responses without size restrictions. This can lead to memory...
GHSA-FW45-F5Q2-2P4X Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS
Impact There is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize...
Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS
Impact There is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize...
PT-2026-23083
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.38 and 3.6.9 Description Traefik, an HTTP reverse proxy and load balancer, has a potential issue in how it manages responses from the ForwardAuth middleware. When configured to use ForwardAuth, the response body...