1041 matches found
Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...
GHSA-9CR8-Q42Q-G8M7 Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts
Summary There is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact,...
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...
Authentication Bypass Using an Alternate Path or Channel
Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protected backends by completing a TLS handshake using a permissive SNI and then sending an HTTP Host header...
Authentication Bypass Using an Alternate Path or Channel
Overview github.com/traefik/traefik/v2/pkg/server is a server package for traefik, a cloud native edge router. Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SNICheck process. An attacker can gain unauthorized access to protecte...
PT-2026-50143
Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.2 Description An issue in the SNICheck domain-fronting protection allows an unauthenticated client to bypass mutual TLS mTLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rul...
PT-2026-50163
Name of the Vulnerable Software and Affected Versions Traefik versions 3.6.17 through 3.7.1 Description An issue in the HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual TLS mTLS enforcement. When HTTP/3 is enabled, the TLS handshake uses an...
FreeBSD : traefik -- Multiple vulnerabilities (57e69b2c-67b2-11f1-b3b6-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 57e69b2c-67b2-11f1-b3b6-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...
GHSA-XF64-8MW2-4GR2 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
Summary There is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a PathPrefix rule and applies the StripPrefix middleware, a request path containing...
CVE-2026-54761
creationtimestamp| type| source ---|---|--- 2026-06-11 08:30:06+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-3g6v-2r68-prfc 2026-06-19 16:00:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3monpld2twq2x 2026-07-13 22:00:22+00:00| seen|...
PT-2026-48684
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.48 Traefik versions prior to 3.6.19 Traefik versions prior to 3.7.3 Description An unauthenticated attacker can bypass route-level authentication and authorization in Traefik when PathPrefix-based public routes a...
CVE-2026-41181
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. The errors custom error pages middleware can inadvertently expose end-user credentials. When a backend returns a response matching a configured status range, the middleware forwards the original request's complete header set,...
CVE-2026-44774
A flaw was found in Traefik. A low-privileged tenant with HTTPRoute creation permissions in Traefik's Kubernetes Gateway API provider can bypass security settings. This allows the tenant to expose the REST provider handler and gain live dynamic configuration write access to Traefik. This...
CVE-2026-53622
creationtimestamp| type| source ---|---|--- 2026-06-05 10:26:43+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-9cr8-q42q-g8m7...
Traefik < 2.11.38 / 3.x < 3.6.9 Multiple Vulnerabilities
The version of Traefik installed on the remote macOS host is prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the ForwardAuth middleware due to the response body from the authentication server being read entirely into memory withou...
Traefik < 3.6.10 HTTPRoute Rule Injection
The version of Traefik installed on the remote macOS host is prior to 3.6.10. It is, therefore, affected by a vulnerability: - Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into...
Traefik 2.11.x < 2.11.38 / 3.x < 3.6.9 Connection Header Bypass
The version of Traefik installed on the remote macOS host is 2.11.x prior to 2.11.38 or 3.x prior to 3.6.9. It is, therefore, affected by a vulnerability: - A flaw exists in HTTP/1.1 request handling due to case-sensitive comparison of Connection header tokens against protected header names. An...