Lucene search
+L

15 matches found

osv
osv
added 2026/06/25 10:34 p.m.5 views

GO-2026-5752 Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik

Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization in github.com/traefik/traefik...

10CVSS5.8AI score0.00591EPSS
Exploits2References4
cvelist
cvelist
added 2026/06/23 7:10 p.m.39 views

CVE-2026-48020 Traefik StripPrefix Route-Level Auth Bypass via Path Normalization

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

7.8CVSS0.00591EPSS
Exploits2References4
susecve
susecve
added 2026/05/05 1:45 a.m.8 views

SUSE CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References3
nessus
nessus
added 2026/05/02 12:0 a.m.6 views

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

10CVSS5.8AI score0.00767EPSS
Exploits4References10
alpinelinux
alpinelinux
added 2026/04/30 8:38 p.m.11 views

CVE-2026-40912

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

8.2CVSS5.7AI score0.00767EPSS
Exploits1References4
cvelist
cvelist
added 2026/04/30 8:38 p.m.35 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS0.00767EPSS
Exploits1References4
cve
cve
added 2026/04/30 8:38 p.m.34 views

CVE-2026-40912

CVE-2026-40912 affects Traefik’s StripPrefixRegex middleware used with ForwardAuth, BasicAuth, or DigestAuth. The vulnerability arises because the middleware matches a decoded URL path against a regex but uses that length to slice the percent-encoded RawPath, which can produce a dot-segment (e.g....

8.6CVSS5.3AI score0.00767EPSS
Exploits1References8Affected Software1
osv
osv
added 2026/04/30 8:38 p.m.2 views

CVE-2026-40912 Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches...

7.8CVSS7.1AI score0.00767EPSS
Exploits1References10
snyk
snyk
added 2026/04/24 4:37 p.m.3 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
snyk
snyk
added 2026/04/24 4:37 p.m.4 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
snyk
snyk
added 2026/04/24 4:37 p.m.7 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
snyk
snyk
added 2026/04/24 4:37 p.m.6 views

Use of Incorrectly-Resolved Name or Reference

Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference in StripPrefixRegex, when used together with ForwardAuth, BasicAuth, or DigestAuth. An attacker can gain unauthorized access to protected backend resources by sending requests with...

9.1CVSS5.5AI score0.00767EPSS
Exploits1References2
osv
osv
added 2026/04/24 4:37 p.m.3 views

GHSA-6JWX-7VP4-9847 Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync

Summary There is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the...

8.2CVSS5.8AI score0.00767EPSS
Exploits1References6
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.8 views

PT-2026-36179

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the StripPrefixRegex middleware when used with ForwardAuth, BasicAuth, or DigestAuth. The...

8.5CVSS5.8AI score0.00767EPSS
Exploits1References20
githubexploit
githubexploit
added 2026/04/02 12:19 p.m.128 views

Exploit for OS Command Injection in Cacti

CVE-2022-46169 Reproduction Template Project Structure -...

9.8CVSS7.4AI score0.99826EPSS
Exploits48
Rows per page
Query Builder