14 matches found
CVE-2026-46527
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::settrustedproxies with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid ...
Authentication Bypass
Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...
CVE-2026-35051
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik's ForwardAuth middleware when the trustForwardHeader setting is configured as false and Traefik is deployed behind a trusted upstream proxy. A remote attacker could...
SUSE CVE-2026-35051
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...
Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities
The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...
EUVD-2026-26426
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...
Traefik 数据伪造问题漏洞
Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contained a data manipulation vulnerability. This vulnerability stems from the ForwardAuth middleware, which has a authentication bypass vulnerability wh...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
Insufficient Verification of Data Authenticity
Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...
Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication
Summary There is a high-severity authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. While X-Forwarded- headers such as X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto...
PT-2026-36177
Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the ForwardAuth middleware of Traefik, an HTTP reverse proxy and load balancer. This occurs...
CVE-2026-27824
A flaw was found in calibre, an e-book manager. A remote attacker can bypass the brute-force protection mechanism in the calibre Content Server by manipulating the X-Forwarded-For header. This vulnerability allows attackers to circumvent IP-based bans, making the server susceptible to credential...
CVE-2025-67494 ZITADEL Vulnerable to Unauthenticated Full-Read SSRF via V2 Login
ZITADEL is an open-source identity infrastructure tool. Versions 4.7.0 and below are vulnerable to an unauthenticated, full-read SSRF vulnerability. The ZITADEL Login UI V2 treats the x-zitadel-forward-host header as a trusted fallback for all deployments, including self-hosted instances. This...
PT-2025-2449 · Unknown +1 · Matrix Media Repo +1
Name of the Vulnerable Software and Affected Versions: Matrix Media Repo versions prior to 1.3.5 Description: The issue allows an unauthenticated adversary to induce the system to download and cache large amounts of remote media files, resulting in unbounded disk consumption. This can lead to a...