Traefik < 2.11.41 / 3.x < 3.6.11 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.41 or 3.x prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities: - mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across...

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

Linux Distros Unpatched Vulnerability : CVE-2026-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Auth function in the authentication. An attacker can determine the existence of valid usernames by measuring differences in authentication response times. Remediation Upgrade...

GO-2026-4792 Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik...

GO-2026-4769 Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju

Juju affected by timing ownership claim attack on new external back-end secrets in github.com/juju/juju. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVE-2026-32595

A flaw was found in Traefik. An unauthenticated attacker can exploit a timing attack vulnerability in the BasicAuth middleware. By observing the time it takes for the middleware to respond, an attacker can determine if a submitted username is valid or not. This information disclosure allows for...

SUSE CVE-2026-32595

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taki...

EUVD-2026-13935

OpenClaw versions prior to 2026.2.25 contain a time-of-check-time-of-use vulnerability in approval-bound system.run execution where the cwd parameter is validated at approval time but resolved at execution time. Attackers can retarget a symlinked cwd between approval and execution to bypass comma...

CVE-2026-32935

A flaw was found in phpseclib, a PHP secure communications library. When using Advanced Encryption Standard AES in Cipher Block Chaining CBC mode, a remote attacker can exploit a padding oracle timing attack. This vulnerability may allow the attacker to decrypt sensitive information by observing...

EUVD-2026-13664

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration...

GHSA-G3HG-J4JV-CWFR Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...

Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration

Summary There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking 166ms. When the username does not exist, the response returns immediatel...

Timing Attack

Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Timing Attack via the BasicAuth middleware. An attacker can enumerate valid usernames by measuring the response time differences when submitting...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth middleware. An attacker can enumerate valid usernames by measuring the response time differences when submitting authentication requests. Remediation Upgrade...

SUSE-SU-2026:20769-1 Security update for ovmf

This update for ovmf fixes the following issue: - CVE-2025-59438: mbedtls: padding oracle attack possible through timing of cipher error reporting bsc1252441...