GHSA-46WH-3698-F2CX Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)
Summary There is a potential vulnerability in Traefik due to its dependency on an affected version of gRPC-Go CVE-2026-33186. A remote, unauthenticated attacker can send gRPC requests with a malformed HTTP/2 :path pseudo-header omitting the mandatory leading slash e.g., Service/Method instead of...