Lucene search
K

8 matches found

NVD
NVD
added 2026/06/23 8:16 p.m.8 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS0.00245EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/23 7:12 p.m.38 views

CVE-2026-48491 Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS0.00245EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/23 7:12 p.m.5 views

CVE-2026-48491 Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS5.9AI score0.00245EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:12 p.m.6 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS5.9AI score0.00245EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/23 7:12 p.m.12 views

CVE-2026-48491

CVE-2026-48491 (Traefik) describes a high-severity vulnerability in Traefik 3.7.0–3.7.3 where SNICheck ignores wildcard TLSOptions mappings. An unauthenticated client can complete a TLS handshake with a permissive SNI on the same entrypoint and then send a Host header targeting a wildcard-protect...

10CVSS5.9AI score0.00245EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/06/23 7:12 p.m.2 views

CVE-2026-48491 Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

7.8CVSS6AI score0.00245EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/06/16 7:2 p.m.79 views

Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass

Summary There is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host.example.com with stricter TLS options for...

10CVSS5.1AI score0.00245EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-50143

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0 through 3.7.2 Description An issue in the SNICheck domain-fronting protection allows an unauthenticated client to bypass mutual TLS mTLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rul...

10CVSS5.2AI score0.00245EPSS
Exploits1References12
Rows per page
Query Builder