Traefik

Traefik

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.45%
  • Veröffentlicht 15.05.2026 16:27:14
  • Zuletzt bearbeitet 19.05.2026 12:24:19

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matching the confi...

  • EPSS 0.37%
  • Veröffentlicht 30.04.2026 20:39:49
  • Zuletzt bearbeitet 01.05.2026 17:37:12

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through respons...

Exploit
  • EPSS 0.77%
  • Veröffentlicht 30.04.2026 20:38:21
  • Zuletzt bearbeitet 30.06.2026 03:19:21

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with ForwardAuth, Ba...

Exploit
  • EPSS 0.48%
  • Veröffentlicht 30.04.2026 20:26:26
  • Zuletzt bearbeitet 30.06.2026 03:19:07

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwar...

Exploit
  • EPSS 0.27%
  • Veröffentlicht 30.04.2026 20:26:06
  • Zuletzt bearbeitet 30.06.2026 03:19:01

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is depl...

Exploit
  • EPSS 0.25%
  • Veröffentlicht 30.04.2026 20:20:29
  • Zuletzt bearbeitet 01.05.2026 17:39:35

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCr...

Exploit
  • EPSS 0.47%
  • Veröffentlicht 27.03.2026 13:49:08
  • Zuletzt bearbeitet 30.06.2026 03:18:40

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated attacker ca...

Exploit
  • EPSS 0.46%
  • Veröffentlicht 27.03.2026 13:47:03
  • Zuletzt bearbeitet 30.06.2026 03:18:33

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. In live clu...

  • EPSS 0.39%
  • Veröffentlicht 20.03.2026 10:08:41
  • Zuletzt bearbeitet 24.03.2026 15:14:24

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 comtain BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middle...

  • EPSS 0.41%
  • Veröffentlicht 20.03.2026 10:01:13
  • Zuletzt bearbeitet 30.06.2026 03:18:32

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS Clie...