1041 matches found
CVE-2026-54764
Summary of CVE-2026-54764 : Traefik’s ForwardAuth middleware can leak spoofed port information due to incorrect header handling when trustForwardHeader is false. Before fixes, the middleware derived X-Forwarded-Port from the original incoming request rather than the sanitized forwarded request, a...
CVE-2026-54764
Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...
PT-2026-56012
Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.5 Description Traefik's Kubernetes Gateway API provider may incorrectly resolve two accepted HTTPRoutes that target the same backend Service:port but use different backendRef filters for the same child servic...
PT-2026-55998
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description The ForwardAuth middleware in this HTTP reverse proxy and load balancer incorrectly derives the X-Forwarded-Port header sent to the...
FreeBSD : traefik -- Multiple vulnerabilities (803b9816-77af-11f1-ba71-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 803b9816-77af-11f1-ba71-5404a68ad561 advisory. The traefik project releases a new version addressing multiple CVEs: Tenable has extracted the...
PT-2026-56011
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.51 Traefik versions prior to 3.6.22 Traefik versions prior to 3.7.6 Description Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares fail to account for underscore-variant header names when stripping...
GHSA-3G6V-2R68-PRFC vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
CVE-2026-54761 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
CVE-2026-53622 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
GHSA-9CR8-Q42Q-G8M7 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-54763 underscore-variant identity spoofing CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing CVE-2026-54765 Gateway HTTPRoute backendRef filters can leak backend context...
GHSA-4MR2-FG2P-W63C vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
CVE-2026-54762 vulnerabilities
Vulnerabilities for packages: traefik-fips, traefik...
GHSA-5CGQ-3RG8-M6CV vulnerabilities
Vulnerabilities for packages: backup-restore-operator, mattermost-fips, kyverno-fips, traefik, harbor-fips, knative-kafka-broker, argo-events-fips, prometheus, argo-cd-fips, terragrunt, telegraf, argo-cd, containerd, argo-events, keda-fips, istio, kubernetes, apply-cve-bump, traefik-fips,...
GHSA-X527-X647-Q7GG vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, external-dns, argocd-image-updater-fips, backup-restore-operator, coder, cilium, aactl, opentelemetry-collector, argo-cd-fips, prometheus-fips, flux-source-controller, cloudbeat-fips, nerdctl, osv-scanner,...
GHSA-JPPX-RXG9-JMRX vulnerabilities
Vulnerabilities for packages: external-dns, backup-restore-operator, cilium, aactl, opentelemetry-collector, argo-cd-fips, prometheus-fips, nerdctl, kots, tekton-pipelines-fips, spire-server, frankenphp-8.5, frankenphp-8.4, zot, knative-kafka-broker-fips, podman-fips, kyverno-fips, terraform,...
GHSA-9M57-25V3-79X9 vulnerabilities
Vulnerabilities for packages: external-dns, backup-restore-operator, cilium, aactl, opentelemetry-collector, argo-cd-fips, prometheus-fips, nerdctl, kots, tekton-pipelines-fips, spire-server, frankenphp-8.5, frankenphp-8.4, zot, knative-kafka-broker-fips, podman-fips, kyverno-fips, terraform,...
GHSA-45GG-VH54-H5M9 vulnerabilities
Vulnerabilities for packages: flux-source-controller-fips, external-dns, argocd-image-updater-fips, backup-restore-operator, coder, cilium, aactl, opentelemetry-collector, argo-cd-fips, prometheus-fips, flux-source-controller, cloudbeat-fips, nerdctl, osv-scanner,...
GO-2026-5752 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik...
CVE-2026-48020
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability exists in the StripPrefix middleware, allowing an unauthenticated attacker to bypass route-level authentication and authorization. By crafting a request path containing '..' or its percent-encoded form, an...