CVE-2026-32934

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC DoQ server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...

CVE-2026-26999 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS)

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared befor...

GHSA-XW98-5Q62-JX94 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)

Impact There is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code...

Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)

Impact There is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is completed. When a TLS handshake read error occurs, the code...

PT-2026-23084

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.38 and versions prior to 3.6.9 Description Traefik, an HTTP reverse proxy and load balancer, has an issue in its handling of TLS handshakes on TCP routers. The read deadline used for protocol sniffing is cleared...