Lucene search
K

1039 matches found

OSV
OSV
added 2026/06/25 6:43 p.m.4 views

GO-2026-5277 Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false in github.com/traefik/traefik

Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false in github.com/traefik/traefik...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References5
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5083 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik

Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services in github.com/traefik/traefik...

7.1CVSS5.8AI score0.00318EPSS
Exploits2References3
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5128 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5163 Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik...

10CVSS5.8AI score0.00267EPSS
Exploits1References5
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5149 Traefik: Pre-authentication decision bypass due to forwarded alias spoofing in github.com/traefik/traefik

Traefik: Pre-authentication decision bypass due to forwarded alias spoofing in github.com/traefik/traefik...

10CVSS5.8AI score0.00479EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.6 views

CVE-2023-54365

A flaw was found in Traefik's HTTP/2 request handling. A remote attacker can exploit this vulnerability by rapidly creating and canceling HTTP/2 streams. This can exhaust server resources, leading to a denial of service DoS and making the service unavailable to legitimate users. This issue is...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/24 7:27 a.m.7 views

CVE-2026-54762

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When an Ingress is configured to use BasicAuth or DigestAuth, but the associated authentication secret cannot be resolved or is malformed, Traefik fails to apply the authentication middleware. This allows unauthenticated access...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.7 views

CVE-2026-53622

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection allows unauthenticated clients to bypass router-specific mutual Transport Layer Security mTLS enforcement. When HTTP/3 is enabled and a router use...

10CVSS5.9AI score0.0024EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.7 views

CVE-2026-48491

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This vulnerability allows an unauthenticated client to bypass mutual Transport Layer Security TLS enforcement, a security measure that verifies both client and server identities. The bypass occurs due to an issue in Traefik's...

10CVSS5.8AI score0.00245EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

7.1CVSS0.00318EPSS
Exploits2References3
NVD
NVD
added 2026/06/23 8:16 p.m.8 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS0.0036EPSS
Exploits1References2
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-48491

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection SNICheck that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard...

10CVSS0.00245EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 8:16 p.m.7 views

CVE-2026-53622

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.7.3, there is a critical vulnerability in Traefik's HTTP/3 QUIC TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake...

10CVSS0.0024EPSS
Exploits1References5
NVD
NVD
added 2026/06/23 8:16 p.m.6 views

CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authentication and authorization. When a public router matches on a...

10CVSS0.00591EPSS
Exploits2References7
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:17 p.m.5 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS5.9AI score0.0036EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/06/23 7:17 p.m.16 views

CVE-2026-54762

Traefik’s Kubernetes Ingress NGINX provider (versions 3.7.0-ea.1 through 3.7.5) contains a medium-severity fail-open vulnerability: if an Ingress enables BasicAuth or DigestAuth but the referenced auth-secret cannot be resolved or parsed, Traefik logs an error, skips installing the authentication...

8.6CVSS5.9AI score0.0036EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/23 7:17 p.m.6 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/23 7:17 p.m.38 views

CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS0.0036EPSS
Exploits1References2
OSV
OSV
added 2026/06/23 7:17 p.m.3 views

CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS6AI score0.0036EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:15 p.m.4 views

CVE-2026-54761

Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple WRR backendRefs, Traefik evaluates the allowlis...

6CVSS5.9AI score0.00318EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder