Lucene search
K

275 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Traefik < 2.11.41 / 3.x < 3.6.11 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.41 or 3.x prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities: - mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across...

8.3CVSS6.4AI score0.00405EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/23 10:53 a.m.4 views

CVE-2026-32305

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. A remote attacker can exploit this vulnerability by sending fragmented ClientHello packets during the Transport Layer Security TLS handshake. This causes Traefik's Server Name Indication SNI extraction to fail, leading to a...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 2026/03/20 3:43 p.m.3 views

GHSA-WVVQ-WGCR-9Q48 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config

Summary There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/20 12:43 p.m.4 views

Insecure Default Initialization of Resource

Overview github.com/traefik/traefik/v2/pkg/server/router/tcp is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. Traefik integrates with your existing infrastructure components Docker, Swarm mode, Kubernetes, Marathon, Consul, Etcd, Rancher, Amazon ECS, ... a...

10CVSS5.8AI score0.00405EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/03/20 10:1 a.m.4 views

CVE-2026-32305

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/20 10:1 a.m.3 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.8AI score0.00405EPSS
Exploits0References4
CVE
CVE
added 2026/03/20 10:1 a.m.24 views

CVE-2026-32305

Traefik (HTTP reverse proxy/load balancer) versions affected: 2.11.40 and earlier; 3.0.0-beta1 through 3.6.11; 3.7.0-ea.1 are vulnerable to a bypass of mTLS enforcement via TLS ClientHello SNI pre-sniffing when ClientHello messages are fragmented. In this scenario, SNI extraction may EOF and retu...

8.3CVSS5.8AI score0.00405EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/03/20 10:1 a.m.3 views

CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...

7.8CVSS5.9AI score0.00405EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26601

Name of the Vulnerable Software and Affected Versions Traefik versions 2.11.40 and below Traefik versions 3.0.0-beta1 through 3.6.11 Traefik version 3.7.0-ea.1 Description Traefik, an HTTP reverse proxy and load balancer, is susceptible to a mutual TLS mTLS bypass. This occurs due to a flaw in th...

7.8CVSS5.8AI score0.00463EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/03/06 7:45 p.m.5 views

CVE-2025-13476

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

9.8CVSS5.8AI score0.00345EPSS
Exploits0References1
OSV
OSV
added 2026/03/05 7:15 p.m.8 views

CVE-2025-13476

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

9.8CVSS5.8AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 7:15 p.m.8 views

CVE-2025-13476

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

9.8CVSS0.00345EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:53 p.m.6 views

CVE-2025-13476

Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection DPI systems to trivially identify and block proxy traffic, undermining censorship circumvention...

5.9AI score0.00345EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/03/05 4:53 p.m.23 views

CVE-2025-13476

CVE-2025-13476 affects Rakuten Viber Cloak mode on Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0. The root cause is a consistent, static TLS ClientHello fingerprint with a lack of extension diversity, making DPI systems able to identify and block proxy traffic and undermine censorship circum...

9.8CVSS5.9AI score0.00345EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.8 views

Rakuten Viber Desktop 安全漏洞

Rakuten Viber Desktop is a messaging application developed by Luxembourg-based Viber Inc. There is a security vulnerability in Rakuten Viber Desktop, which stems from the use of a static and predictable TLS ClientHello fingerprint. This vulnerability may lead to the identification and prevention ...

9.8CVSS7.5AI score0.00345EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.10 views

PT-2026-23467

Name of the Vulnerable Software and Affected Versions Rakuten Viber versions 25.6.0.0 through 25.8.1.0 Description Rakuten Viber’s Cloak mode on Android version 25.7.2.0g and Windows versions 25.6.0.0 through 25.8.1.0 employs a consistent TLS ClientHello fingerprint that lacks extension diversity...

9.8CVSS5.8AI score0.00345EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/02/20 11:17 a.m.12 views

CVE-2026-27017

A flaw was found in uTLS. When using GREASE Encrypted ClientHello ECH, uTLS versions 1.6.0 through 1.8.0 may exhibit a fingerprint mismatch with Chrome. This occurs due to an inconsistent selection of cipher suites between the outer ClientHello and the ECH, potentially allowing a remote observer ...

5.3CVSS5.5AI score0.00154EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/20 10:51 a.m.10 views

CVE-2026-26994

A flaw was found in uTLS. An active network attacker could exploit this vulnerability by manipulating the initial connection message ClientHello during the TLS handshake. This manipulation forces a downgrade from the more secure TLS 1.3 protocol to an older, less secure version like TLS 1.2. As a...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/20 2:50 a.m.6 views

CVE-2026-26994

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. In versions 1.6.7 and below, uTLS did not implement the TLS 1.3 downgrade protection mechanism specified in RFC 8446 Section 4.1.3 when using a uTLS ClientHello spe...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/02/20 2:50 a.m.27 views

CVE-2026-26994

The CVE-2026-26994 issue affects uTLS (a fork of crypto/tls) where versions 1.6.7 and earlier fail to implement TLS 1.3 downgrade protection as per RFC 8446 4.1.3 when using a uTLS ClientHello spec. An active network attacker could downgrade a TLS 1.3 handshake to a lower version (e.g., 1.2) by o...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder