3 matches found
CVE-2026-48020
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the StripPrefix middleware, allowing an unauthenticated attacker to bypass route-level authentication and authorization. By crafting a request path containing '..' or its percent-encoded form, an...
CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...
CVE-2026-32036
OpenClaw gateway plugin versions prior to 2026.2.26 contain a path traversal vulnerability that allows remote attackers to bypass route authentication checks by manipulating /api/channels paths with encoded dot-segment traversal sequences. Attackers can craft alternate paths using encoded travers...