BIT-AUTHENTIK-2026-25748 authentik has a forward authentication bypass with broken cookie

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

CVE-2026-25748

authentik is an open-source identity provider. Prior to 2025.10.4 and 2025.12.4, with a malformed cookie it was possible to bypass authentication when using forward authentication in the authentik Proxy Provider when used in conjunction with Traefik or Caddy as reverse proxy. When a malicious...

EUVD-2025-16088

Malicious code in bioql PyPI...

CVE-2025-47952 Traefik allows path traversal using url encoding

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a...

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

CVE-2025-34027

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use TOCTOU write in combination...

CVE-2025-34026

Versa Concerto (SD-WAN) contains an authentication bypass in the Traefik reverse proxy configuration that guards the Spring Boot Actuator endpoints. The flaw allows an unauthenticated attacker to reach administrative endpoints, including the Actuator endpoints that can expose heap dumps and trace...

CVE-2025-34027 Versa Concerto Authentication Bypass File Write Remote Code Execution

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use TOCTOU write in combination...

CVE-2025-34027

Summary of CVE-2025-34027: Versa Concerto SD-WAN exposes an authentication bypass in the Traefik reverse proxy configuration, enabling unauthorized access to administrative endpoints. In addition, the Spack upload endpoint can trigger a TOCTOU race with path loading manipulation to achieve remote...

Versa Concerto SD-WAN 安全漏洞

Versa Concerto SD-WAN is an easy-to-use user interface from Versa for configuring and monitoring Versa OS devices in a secure SD-WAN. A security vulnerability exists in Versa Concerto SD-WAN versions 12.1.2 through 12.2.0, which stems from an authentication bypass in the Traefik Reverse Proxy...

PT-2025-22441

Name of the Vulnerable Software and Affected Versions Versa Concerto SD-WAN orchestration platform versions 12.1.2 through 12.2.0 Description The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker...

PT-2025-22440

Name of the Vulnerable Software and Affected Versions Versa Concerto versions 12.1.2 through 12.2.0 Description The Versa Concerto SD-WAN orchestration platform has an authentication bypass issue in the Traefik reverse proxy configuration. This allows an attacker to access administrative endpoint...