Lucene search
K

12 matches found

Cvelist
Cvelist
added 2 days ago41 views

CVE-2026-54764 ForwardAuth middleware leaks X-Forwarded-Port spoofing via untrusted X-Forwarded-Proto when trustForwardHeader=false

Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik's ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of t...

6.9CVSS0.00418EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5163 Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication in github.com/traefik/traefik...

10CVSS5.8AI score0.00267EPSS
Exploits1References5
Veracode
Veracode
added 2026/05/14 5:48 p.m.11 views

Authentication Bypass

Traefik is vulnerable to Authentication Bypass. The vulnerability is due to improper handling in the ForwardAuth middleware when trustForwardHeader=false is configured behind a trusted upstream proxy, which allows an attacker to bypass authentication controls and gain unauthorized access...

10CVSS5.8AI score0.00267EPSS
Exploits1References10Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 12:6 p.m.12 views

CVE-2026-35051

A flaw was found in Traefik, an HTTP reverse proxy and load balancer. This authentication bypass vulnerability exists in Traefik's ForwardAuth middleware when the trustForwardHeader setting is configured as false and Traefik is deployed behind a trusted upstream proxy. A remote attacker could...

10CVSS5.8AI score0.00267EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.7 views

SUSE CVE-2026-35051

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

10CVSS5.7AI score0.00267EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Traefik < 2.11.43 / 3.x < 3.6.14 Multiple Vulnerabilities

The version of Traefik installed on the remote macOS host is prior to 2.11.43 or 3.x prior to 3.6.14. It is, therefore, affected by multiple vulnerabilities: - An authentication bypass via StripPrefixRegex and ForwardAuth dot-segment normalization. When StripPrefixRegex processes URLs with...

10CVSS5.8AI score0.00767EPSS
Exploits4References10
EUVD
EUVD
added 2026/04/30 8:26 p.m.7 views

EUVD-2026-26426

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issu...

7.8CVSS5.2AI score0.00267EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.13 views

Traefik 数据伪造问题漏洞

Traefik is an open-source reverse proxy and load balancing tool developed by Traefik. Versions prior to Traefik 2.11.43, 3.6.14, and 3.7.0-rc.2 contained a data manipulation vulnerability. This vulnerability stems from the ForwardAuth middleware, which has a authentication bypass vulnerability wh...

10CVSS5.7AI score0.00267EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/24 4:31 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/24 4:31 p.m.4 views

Insufficient Verification of Data Authenticity

Overview Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the ForwardAuth middleware when trustForwardHeader is set to false and the deployment is behind a trusted upstream proxy. An attacker can gain unauthorized access to protected backend...

10CVSS5.5AI score0.00267EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/24 4:31 p.m.14 views

Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication

Summary There is a high-severity authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. While X-Forwarded- headers such as X-Forwarded-For, X-Forwarded-Host, and X-Forwarded-Proto...

10CVSS5.6AI score0.00267EPSS
Exploits1References6Affected Software3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-36177

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.43 Traefik versions prior to 3.6.14 Traefik versions prior to 3.7.0-rc.2 Description An authentication bypass exists in the ForwardAuth middleware of Traefik, an HTTP reverse proxy and load balancer. This occurs...

10CVSS5.8AI score0.00267EPSS
Exploits1References23
Rows per page
Query Builder