7 matches found
GO-2026-5752 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik...
traefik -- Multiple vulnerabilities
The traefik project releases a new version addressing multiple CVEs: CVE-2026-48020 StripPrefix Route-Level Auth Bypass CVE-2026-48491 SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case...
OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade
Summary When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...
GHSA-63MG-XP9J-JFCM OpenClaw: Google Chat and Zalouser group sender allowlist bypass via policy downgrade
Summary When only a route-level group allowlist was configured, sender policy resolution silently downgraded from allowlist to open instead of preserving the configured group policy. Impact Any member of an allowlisted Google Chat space or Zalouser group could interact with the bot even when the...
PT-2026-29258
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description The software contains a sender policy bypass issue in the Google Chat and Zalouser extensions. Route-level group allowlist policies are silently downgraded to open policy, allowing attackers to...
CVE-2026-32305 Traefik mTLS bypass via fragmented ClientHello SNI extraction failure
Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records,...
Interesting new filters on Spring Cloud Gateway 4.0
Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...