Package impact
Go / github.com/traefik/traefik/v3
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-40912 | high | 8.2 | 8.2 | 27d ago | Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync | |
| CVE-2026-41174 | medium | 6.4 | 6.4 | 27d ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |
| CVE-2026-41181 | medium | 5.8 | 5.8 | 13d ago | Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service | |
| CVE-2026-41263 | low | 3.7 | 3.7 | 27d ago | Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware |