
4 matches found

OSV • added 2026/06/25 6:43 p.m. • 2 views

GO-2026-5180 Traefik has a StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync in github.com/traefik/traefik

Traefik has a StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync in github.com/traefik/traefik...

CVSS 8.6 • AI score 5.8 • EPSS 0.00767
Exploits: 1 • References: 5
SUSE CVE • added 2026/06/04 2:22 a.m. • 8 views

SUSE CVE-2026-46244

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync. In nft_inner_parse_l2l3, when processing inner IPv6 packets, ipv6_find_hdr correctly computes the transport header offset traversing all extension headers, but the result is immediately...

CVSS 5.5 • AI score 5.8 • EPSS 0.00302
Exploits: 0 • References: 3
CVE • added 2026/04/30 8:38 p.m. • 30 views

CVE-2026-40912

CVE-2026-40912 affects Traefik’s StripPrefixRegex middleware used with ForwardAuth, BasicAuth, or DigestAuth. The vulnerability arises because the middleware matches a decoded URL path against a regex but uses that length to slice the percent-encoded RawPath, which can produce a dot-segment (e.g....

CVSS 8.6 • AI score 5.3 • EPSS 0.00767
Exploits: 1 • References: 8 • Affected Software: 1
Cvelist • added 2026/04/30 8:38 p.m. • 32 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

CVSS 7.8 • EPSS 0.00767
Exploits: 1 • References: 4