CVE-2026-40912

Exploit

EPSS 0.07%
Veröffentlicht 30.04.2026 20:38:21
Zuletzt bearbeitet 01.05.2026 17:42:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, BasicAuth, or DigestAuth. The middleware matches the regex against the decoded URL path but uses the resulting byte length to slice the percent-encoded raw path. When a dot (or multiple dots) appears in the prefix portion of the URL, the raw path after stripping becomes a dot-segment (e.g. /./admin/secret). ForwardAuth receives this dot-segment path in X-Forwarded-Uri, which does not match the protected path patterns and therefore allows the request through. The backend then normalizes the dot-segment to the real path per RFC 3986 and serves the protected content An unauthenticated attacker can exploit this against any backend that performs dot-segment normalization. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 6 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Traefik ≫ Traefik Version < 2.11.43

Traefik ≫ Traefik Version >= 3.0.0 < 3.6.14

Traefik ≫ Traefik Version3.7.0 Updateea1

Traefik ≫ Traefik Version3.7.0 Updateea2

Traefik ≫ Traefik Version3.7.0 Updateea3

Traefik ≫ Traefik Version3.7.0 Updaterc1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
security-advisories@github.com	7.8	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-706 Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

https://github.com/traefik/traefik/releases/tag/v2.11.43

Product

Release Notes

https://github.com/traefik/traefik/releases/tag/v3.6.14

Product

Release Notes

https://github.com/traefik/traefik/releases/tag/v3.7.0-rc.2

Product

Release Notes

https://github.com/traefik/traefik/security/advisories/GHSA-6jwx-7vp4-9847

Patch

Vendor Advisory