Lucene search
+L

1041 matches found

Github Security Blog
Github Security Blog
added 2026/06/16 9:4 p.m.11 views

Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...

10CVSS5.7AI score0.0024EPSS
Exploits1References3Affected Software3
OSV
OSV
added 2026/06/16 9:4 p.m.5 views

GHSA-9CR8-Q42Q-G8M7 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...

7.8CVSS5.8AI score0.0024EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.80 views

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...

10CVSS5.1AI score0.00245EPSS
Exploits1References3Affected Software1
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...

10CVSS6AI score0.00245EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/16 7:2 p.m.4 views

Authentication Bypass Using an Alternate Path or Channel

Overview github.com/traefik/traefik/v2/pkg/server is a server package for traefik, a cloud native edge router. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protecte...

10CVSS6AI score0.00245EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50143

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.2 Description An issue in the SNICheck domain-fronting protection allows an unauthenticated client to bypass mutual TLS mTLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rul...

10CVSS5.2AI score0.00245EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.24 views

PT-2026-50163

Name of the Vulnerable Software and Affected Versions Traefik versions 3.6.17 through 3.7.1 Description An issue in the HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual TLS mTLS enforcement. When HTTP/3 is enabled, the TLS handshake uses an...

10CVSS5.3AI score0.0024EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

FreeBSD : traefik -- Multiple vulnerabilities (57e69b2c-67b2-11f1-b3b6-5404a68ad561)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 57e69b2c-67b2-11f1-b3b6-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...

10CVSS6AI score0.00591EPSS
Exploits3References4
Github Security Blog
Github Security Blog
added 2026/06/11 1:26 p.m.18 views

Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization

Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...

10CVSS5.6AI score0.00591EPSS
Exploits2References5Affected Software2
OSV
OSV
added 2026/06/11 1:26 p.m.13 views

GHSA-XF64-8MW2-4GR2 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization

Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...

7.8CVSS5.6AI score0.00591EPSS
Exploits2References5
Circl
Circl
added 2026/06/11 8:30 a.m.11 views

CVE-2026-54761

creationtimestamp| type| source ---|---|--- 2026-06-11 08:30:06+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-3g6v-2r68-prfc 2026-06-19 16:00:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3monpld2twq2x 2026-07-13 22:00:22+00:00| seen|...

7.1CVSS6.1AI score0.00318EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48684

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...

7.8CVSS5.3AI score0.00591EPSS
Exploits2References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41181

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...

6.9CVSS5.8AI score0.00445EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.13 views

CVE-2026-44774

A flaw was found in Traefik. A low-privileged tenant with HTTPRoute creation permissions in Traefik's Kubernetes Gateway API provider can bypass security settings. This allows the tenant to expose the REST provider handler and gain live dynamic configuration write access to Traefik. This...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References7
Circl
Circl
added 2026/06/05 10:26 a.m.9 views

CVE-2026-53622

creationtimestamp| type| source ---|---|--- 2026-06-05 10:26:43+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-9cr8-q42q-g8m7...

10CVSS5AI score0.0024EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.20 views

Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being read entirely into memory withou...

7.5CVSS7.7AI score0.00539EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.10 views

Traefik < 3.6.10 HTTPRoute Rule Injection

The version of Traefik installed on the remote macOS host is prior to 3.6.10. It is, therefore, affected by a vulnerability: - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into...

6.5CVSS7.6AI score0.00277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.67 views

Traefik 2.11.x < 2.11.38 / 3.x < 3.6.9 Connection Header Bypass

The version of Traefik installed on the remote macOS host is 2.11.x prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by a vulnerability: - A flaw exists in HTTP/1.1 request handling due to case-sensitive comparison of Connection header tokens against protected header names. An...

7.5CVSS7.6AI score0.00467EPSS
Exploits0References4
Rows per page
Query Builder