2 matches found
GO-2026-5180 Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync in github.com/traefik/traefik
Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync in github.com/traefik/traefik...
CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...