Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1240 matches found

NVD
NVDadded 2026/04/30 9:16 p.m.6 views

CVE-2026-41263

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

6.3CVSS0.00369EPSS
Exploits0References4
NVD
NVDadded 2026/04/30 9:16 p.m.1 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS0.00571EPSS
Exploits1References4
CVE
CVEadded 2026/04/30 8:39 p.m.35 views

CVE-2026-41263

CVE-2026-41263 affects Traefik’s BasicAuth middleware. A timing side-channel allows an attacker to enumerate valid usernames by measuring response times, because the constant-time fallback secret resolves to an empty string, causing the bcrypt check to short-circuit quickly. Vulnerable versions a...

6.3CVSS5.3AI score0.00369EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/30 8:39 p.m.2 views

CVE-2026-41263

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

6.3CVSS5.3AI score0.00369EPSS
Exploits0References5Affected Software1
EUVD
EUVDadded 2026/04/30 8:39 p.m.4 views

EUVD-2026-26433

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

6.3CVSS5.3AI score0.00369EPSS
Exploits0References4
AlpineLinux
AlpineLinuxadded 2026/04/30 8:39 p.m.5 views

CVE-2026-41263

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...

6.3CVSS5.7AI score0.00369EPSS
Exploits0References4
AlpineLinux
AlpineLinuxadded 2026/04/30 8:38 p.m.4 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00571EPSS
Exploits1References4
CVE
CVEadded 2026/04/30 8:38 p.m.22 views

CVE-2026-40912

CVE-2026-40912 affects Traefik’s StripPrefixRegex middleware used with ForwardAuth, BasicAuth, or DigestAuth. The vulnerability arises because the middleware matches a decoded URL path against a regex but uses that length to slice the percent-encoded RawPath, which can produce a dot-segment (e.g....

8.2CVSS5.3AI score0.00571EPSS
Exploits1References4Affected Software1
CNNVD
CNNVDadded 2026/04/30 12:0 a.m.8 views

Traefik 安全漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contain security vulnerabilities. These vulnerabilities stem from variables used in the BasicAuth middleware for constant-time comparisons, which are...

6.3CVSS5.8AI score0.00369EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/04/27 9:40 a.m.33 views

CVE-2026-40022 Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime

When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server camel-platform-http-main and a non-root context path such as /api or /admin is configured via camel.server.path or camel.management.path, the BasicAuthenticationConfigurer and...

0.00455EPSS
Exploits0References1
Fedora
Fedoraadded 2026/04/25 1:55 a.m.5 views

[SECURITY] Fedora 44 Update: python-flask-httpauth-4.8.1-1.fc44

FlaskHTTPAuth Basic and Digest HTTP authentication for Flask routes...

8.2CVSS5.6AI score0.00324EPSS
Exploits0
Snyk
Snykadded 2026/04/24 8:36 p.m.1 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
Snyk
Snykadded 2026/04/24 8:36 p.m.1 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
Snyk
Snykadded 2026/04/24 8:36 p.m.1 views

Timing Attack

Overview github.com/traefik/traefik/v2/pkg/middlewares/auth is a Cloud Native Application Proxy. Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting difference...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
OSV
OSVadded 2026/04/24 8:36 p.m.2 views

GHSA-6X2Q-H3CR-8J2H Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware

Summary There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to hold a constant-time fallback secret always resolves to an empty string, causing the constant-tim...

6.3CVSS5.8AI score0.00369EPSS
Exploits0References6
Snyk
Snykadded 2026/04/24 4:37 p.m.1 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00571EPSS
Exploits1References2
Snyk
Snykadded 2026/04/24 4:37 p.m.2 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00571EPSS
Exploits1References2
Snyk
Snykadded 2026/04/24 4:37 p.m.1 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00571EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/04/24 12:0 a.m.2 views

PT-2026-36179

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...

10CVSS5.8AI score0.00571EPSS
Exploits4References18
NVD
NVDadded 2026/04/21 8:17 p.m.2 views

CVE-2026-40885

goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global basic auth. Requests to .goshs-protected folders are logged before authorization is enforced, and th...

8.8CVSS0.00311EPSS
Exploits1References1
Rows per page
Query Builder