Lucene search
K

28 matches found

AlpineLinux
AlpineLinux
added 6 days ago5 views

CVE-2026-54763

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik's own value, but do not account for underscore-variant header names, which...

10CVSS6AI score0.00256EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:52 p.m.5 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/23 2:37 p.m.4 views

BIT-APISIX-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 2:16 p.m.15 views

CVE-2026-39998

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

8.8CVSS0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:4 p.m.32 views

CVE-2026-39998 Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

5.8CVSS0.00403EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:4 p.m.10 views

EUVD-2026-38011

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

5.8CVSS5.8AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:4 p.m.19 views

CVE-2026-39998

CVE-2026-39998 describes an identity-header spoofing issue in Apache APISIX caused by improper input validation in the forward-auth plugin. Affects APISIX releases from 2.12.0 through 3.16.0. Exploitation could enable an attacker to spoof identity headers due to configuration in forward-auth. The...

8.8CVSS5.8AI score0.00403EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:4 p.m.6 views

CVE-2026-39998

Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers. This issue affects Apache APISIX: from 2.12.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

5.8CVSS5.8AI score0.00403EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.8 views

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/30 8:38 p.m.5 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS5.7AI score0.00767EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2026/04/19 5:24 p.m.146 views

Exploit for Special Element Injection in Apache Apisix

CVE-2026-31908 - Apache APISIX Header Injection Exploit !Se...

9.1CVSS5.8AI score0.00521EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 p.m.7 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/14 8:6 a.m.27 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00521EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/14 8:6 a.m.4 views

EUVD-2026-22225

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/14 8:6 a.m.2 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
CVE
CVE
added 2026/04/14 8:6 a.m.34 views

CVE-2026-31908

Apache APISIX (forward-auth plugin) is affected by a header injection vulnerability (CVE-2026-31908) tracked across multiple feeds. Affects versions 2.12.0 through 3.15.0; exploitation arises from improper sanitization of CRLF sequences in the forward-auth plugin, enabling injection of HTTP heade...

9.1CVSS5.8AI score0.00521EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/10 12:24 a.m.2 views

SUSE CVE-2026-30851

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

8.8CVSS5.7AI score0.00249EPSS
Exploits1References4
OSV
OSV
added 2026/03/07 4:28 p.m.8 views

CVE-2026-30851 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation

Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...

8.1CVSS5.7AI score0.00249EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/06 11:38 p.m.14 views

Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation

Summary Caddy's forwardauth directive with copyheaders generates conditional header-set operations that only fire when the upstream auth service includes the named header in its response. No delete or remove operation is generated for the original client-supplied request header with the same name...

8.8CVSS5.9AI score0.00249EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/05 4:15 p.m.7 views

CVE-2026-26998

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is...

4.4CVSS5.8AI score0.00451EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder