VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/traefik/traefik

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-39858 critical 10.0 10.0 27d ago Traefik: Pre-authentication decision bypass due to forwarded alias spoofing golang
CVE-2026-35051 critical 10.0 10.0 27d ago Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication golang
CVE-2026-44774 critical 9.9 9.9 12d ago Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false golang
CVE-2026-40912 high 8.2 8.2 27d ago Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync golang
CVE-2026-41174 medium 6.4 6.4 27d ago Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding golang
CVE-2026-41263 low 3.7 3.7 27d ago Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware golang
CVE-2021-32813 low 2.5 5y ago Header dropping in traefik in github.com/traefik/traefik archgolang
CVE-2026-33433 unknown 2mo ago Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField in github.com/traefik/traefik susegolang
CVE-2026-32695 unknown 2mo ago Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass in github.com/traefik/traefik golang
CVE-2026-32595 unknown 2mo ago Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration in github.com/traefik/traefik golang
CVE-2026-32305 unknown 2mo ago Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik golang
CVE-2026-29777 unknown 3mo ago Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values in github.com/traefik/traefik golang
CVE-2026-29054 unknown 3mo ago traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik golang
CVE-2026-26999 unknown 3mo ago Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS) in github.com/traefik/traefik golang
CVE-2026-26998 unknown 3mo ago Traefik has unbounded io.ReadAll on auth server response body that causes OOM DOS in github.com/traefik/traefik golang
CVE-2026-25949 unknown 3mo ago Traefik: TCP readTimeout bypass via STARTTLS on Postgres in github.com/traefik/traefik susegolang
CVE-2026-22045 unknown 4mo ago Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik golang
CVE-2025-66491 unknown 6mo ago Traefik Inverted TLS Verification Logic in ingress-nginx Provider in github.com/traefik/traefik golang
CVE-2025-66490 unknown 6mo ago Path Normalization Bypass in Traefik Router + Middleware Rules in github.com/traefik/traefik susegolang
CVE-2025-54386 unknown 10mo ago Traefik Client Plugin's Path Traversal Vulnerability Allows Arbitrary File Overwrite and Remote Code Execution in github.com/traefik/traefik golang
CVE-2025-47952 unknown 1y ago Traefik allows path traversal using url encoding in github.com/traefik/traefik golang
CVE-2025-32431 unknown 1y ago Traefik has a possible vulnerability with the path matchers in github.com/traefik/traefik golang
CVE-2024-52003 unknown 2y ago Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik golang
CVE-2024-45410 unknown 2y ago HTTP client can manipulate custom HTTP headers that are added by Traefik in github.com/traefik/traefik golang
CVE-2024-39321 unknown 2y ago Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik golang
CVE-2024-28869 unknown 2y ago Traefik vulnerable to denial of service with Content-length header in github.com/traefik/traefik golang
CVE-2023-47633 unknown 3y ago Traefik docker container using 100% CPU in github.com/traefik/traefik golang
CVE-2023-47124 unknown 3y ago Traefik vulnerable to potential DDoS via ACME HTTPChallenge in github.com/traefik/traefik golang
CVE-2023-47106 unknown 3y ago Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass in github.com/traefik/traefik golang
CVE-2022-23469 unknown 4y ago Traefik may display authorization header in the debug logs in github.com/traefik/traefik golang
CVE-2022-46153 unknown 4y ago Traefik routes exposed with an empty TLSOption in github.com/traefik/traefik golang
CVE-2019-12452 unknown 4y ago Containous Traefik Exposes Password Hashes in github.com/traefik/traefik golang
CVE-2018-15598 unknown 4y ago Traefik Missing Authentication in github.com/traefik/traefik golang
CVE-2022-23632 unknown 4y ago Skip the router TLS configuration when the host header is an FQDN in github.com/traefik/traefik golang
CVE-2020-15129 unknown 4y ago Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header golang
CVE-2020-9321 unknown 5y ago Improper Certificate Handling in github.com/containous/traefik golang