VIR Vulnerability Intelligence Relay

Package impact

golang Go / github.com/traefik/traefik/v3

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-39858 critical 10.0 10.0 27d ago Traefik: Pre-authentication decision bypass due to forwarded alias spoofing golang
CVE-2026-35051 critical 10.0 10.0 27d ago Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication golang
CVE-2026-44774 critical 9.9 9.9 12d ago Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false golang
CVE-2026-41263 low 3.7 3.7 27d ago Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware golang