CVE-2026-48491— Traefik SNI检查忽略通配符TLS配置导致mTLS绕过
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-48491 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. From 3.7.0 until 3.7.3, there is a high severity vulnerability in Traefik's domain-fronting protection (SNICheck) that allows an unauthenticated client to bypass mutual TLS enforced through wildcard router TLSOptions. When a router uses a wildcard host rule such as Host(*.example.com) with stricter TLS options (for example RequireAndVerifyClientCert), SNICheck resolves the TLS options for the HTTP Host header using exact map lookups only and never applies wildcard matching. If another permissive SNI is served on the same entrypoint, an attacker can complete the TLS handshake under the permissive options and then send an HTTP Host header targeting the wildcard-protected backend, reaching it without presenting a client certificate. This affects the regular HTTPS / HTTP-2 path and does not require HTTP/3. This vulnerability is fixed in 3.7.3.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
使用候选路径或通道进行的认证绕过
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-48491 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-48491 的情报信息
请登录查看更多情报信息。
CVE-2026-48491 其他参考 (2)
同批安全公告 · traefik · 2026-06-23 · 共 6 条
| CVE-2023-54365 | 7.5 HIGH | Traefik HTTP/2请求处理拒绝服务漏洞 |
| CVE-2026-53622 | Traefik HTTP/3 mTLS绕过漏洞 | |
| CVE-2026-48020 | Traefik StripPrefix路径规范化导致的路由级认证绕过漏洞 | |
| CVE-2026-54762 | Traefik Kubernetes Ingress NGINX Provider 认证密钥解析失败导致开放访问 | |
| CVE-2026-54761 | Traefik 允许未授权暴露内部服务的漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-48491
暂无评论