VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/traefik/traefik/v2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-39858 critical 10.0 10.0 28d ago Traefik: Pre-authentication decision bypass due to forwarded alias spoofing golang
CVE-2026-35051 critical 10.0 10.0 28d ago Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication golang
CVE-2026-44774 critical 9.9 9.9 13d ago Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false golang
CVE-2026-40912 high 8.2 8.2 28d ago Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync golang
CVE-2026-41263 low 3.7 3.7 28d ago Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware golang
CVE-2021-32813 low 2.5 5y ago Header dropping in traefik in github.com/traefik/traefik archgolang