Lucene search

1063 matches found

Snyk
added 2026/02/12 8:1 p.m., 2 views

Allocation of Resources Without Limits or Throttling

Overview: github.com/traefik/traefik/v2/pkg/server/router/tcp is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ... a...

CVSS 8.7, AI score 5.6, EPSS 0.00624
Exploits: 0, References: 2
Vulnrichment
added 2026/02/12 8:1 p.m., 3 views

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

CVSS 7.5, AI score 5.6, EPSS 0.00624
Exploits: 0, References: 3
CVE
added 2026/02/12 8:1 p.m., 16 views

CVE-2026-25949

CVE-2026-25949 – Traefik TCP readTimeout bypass via STARTTLS on Postgres. Affects Traefik prior to v3.6.8. An unauthenticated client can bypass the entrypoint’s respondingTimeouts.readTimeout by sending a Postgres SSLRequest (STARTTLS) prelude, stall, and keep connections open indefinitely, caus...

CVSS 7.5, AI score 5.6, EPSS 0.00624
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2026/02/12 8:1 p.m., 29 views

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

CVSS 7.5, EPSS 0.00624
Exploits: 0, References: 3
OSV
added 2026/02/12 8:1 p.m., 5 views

CVE-2026-25949 Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...

CVSS 7.5, AI score 5.6, EPSS 0.00624
Exploits: 0, References: 5
Github Security Blog
added 2026/02/12 3:54 p.m., 8 views

Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Impact: There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain open indefinitely,...

CVSS 7.5, AI score 5.9, EPSS 0.00624
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 2026/02/12 12:0 a.m., 8 views

PT-2026-7873

Name of the Vulnerable Software and Affected Versions: Traefik versions prior to 3.6.8. Description: Traefik, an HTTP reverse proxy and load balancer, contains a flaw in how it manages STARTTLS requests. An unauthenticated client can bypass the respondingTimeouts.readTimeout setting by sending an...

CVSS 9.9, AI score 6, EPSS 0.27661
Exploits: 44, References: 120
CNNVD
added 2026/02/12 12:0 a.m., 6 views

authentik Resource Management Error Vulnerability

Authentik is an open-source identity provisioning application developed by Authentik. Versions of Authentik prior to 3.6.8 contained a resource management vulnerability. This vulnerability stemmed from potential issues during the processing of STARTTLS requests, allowing unverified clients to...

CVSS 7.5, AI score 5.8, EPSS 0.00624
Exploits: 0, References: 4
FreeBSD
added 2026/02/11 12:0 a.m., 6 views

traefik -- TCP readTimeout bypass via STARTTLS on Postgres

The traefik project reports: There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain...

CVSS 7.5, AI score 5.6, EPSS 0.00624
Exploits: 0, References: 1
Tenable Nessus
added 2026/01/20 12:0 a.m., 3 views

MiracleLinux 8 : fetchmail-6.4.24-1.el8.ML.1 (AXSA:2022-3362:02)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3362:02 advisory. fetchmail: DoS or information disclosure when logging long messages CVE-2021-36386 fetchmail: STARTTLS session encryption bypassing CVE-2021-39272...

CVSS 7.5, AI score 5.6, EPSS 0.0256
Exploits: 0, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 7 views

MiracleLinux 8 : ruby:2.6 (AXSA:2022-3073:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3073:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

CVSS 9.3, AI score 8.6, EPSS 0.06307
Exploits: 5, References: 7
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : curl-7.61.1-18.el8.2 (AXSA:2021-2528:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2528:05 advisory. curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols CVE-2021-22946 curl: Server responses received before STARTTLS...

CVSS 7.5, AI score 7, EPSS 0.04224
Exploits: 2, References: 3
Tenable Nessus
added 2026/01/20 12:0 a.m., 5 views

MiracleLinux 8 : ruby:2.5 (AXSA:2022-3087:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3087:01 advisory. rubygem-rdoc: Command injection vulnerability in RDoc CVE-2021-31799 ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host...

CVSS 7.4, AI score 8.7, EPSS 0.0305
Exploits: 2, References: 4
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 4 : thunderbird-78.7.0-1.0.1.AXS4 (AXSA:2021-1432:01)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1432:01 advisory. Mozilla: Cross-origin information leakage via redirected PDF requests CVE-2021-23953 Mozilla: Type confusion when using logical assignment operators...

CVSS 8.8, AI score 8.5, EPSS 0.01569
Exploits: 1, References: 7
Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 7 : rh-ruby30-ruby-3.0.2-148.el7 (AXSA:2021-2500:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2500:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

CVSS 9.3, AI score 8.6, EPSS 0.06307
Exploits: 3, References: 5
Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 8 : thunderbird-78.12.0-3.el8.ML.1 (AXSA:2021-2308:14)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2308:14 advisory. Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed CVE-2021-29969 Mozilla: Use-after-free in accessibility features ...

CVSS 8.8, AI score 8.4, EPSS 0.03582
Exploits: 1, References: 5
Tenable Nessus
added 2026/01/19 12:0 a.m., 8 views

MiracleLinux 7 : rh-ruby26-ruby-2.6.9-120.el7 (AXSA:2022-3091:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3091:01 advisory. rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 rubygem-rdoc: Command injection...

CVSS 9.3, AI score 7.4, EPSS 0.06307
Exploits: 5, References: 7
Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 4 : postfix-2.6.6-2.1.AXS4 (AXSA:2011-159:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-159:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-0411 The STARTTLS implementation...

CVSS 6.8, AI score 8.3, EPSS 0.16334
Exploits: 1, References: 2
Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 3 : postfix-2.3.3-2.10.AXS3 (AXSA:2011-150:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-150:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2008-2937 Postfix 2.5 before...

CVSS 6.8, AI score 8.4, EPSS 0.16334
Exploits: 1, References: 3
Tenable Nessus
added 2026/01/14 12:0 a.m., 5 views

MiracleLinux 4 : cyrus-imapd-2.3.16-6.AXS4.3 (AXSA:2011-675:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-675:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...

CVSS 7.5, AI score 9.2, EPSS 0.16334
Exploits: 1, References: 3