traefik — Vulnerabilities & Security Advisories (29)

All 29 CVE vulnerabilities found in traefik, with AI-generated Chinese analysis, references, and POCs.

Vendor: traefik

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33433 | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | CWE-290 | 8.1 | - | 2026-03-27 |
| CVE-2026-32695 | Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass | CWE-74 | 10.0 | - | 2026-03-27 |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration | CWE-208 | 3.7 | - | 2026-03-20 |
| CVE-2026-32305 | Traefik mTLS bypass via fragmented ClientHello SNI extraction failure | CWE-287 | 7.5 | - | 2026-03-20 |
| CVE-2026-29777 | Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | CWE-74 | 5.4 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-29054 | Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) | CWE-178 | 7.5 | High | 2026-03-05 |
| CVE-2026-26999 | Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS) | CWE-400 | 7.5 | High | 2026-03-05 |
| CVE-2026-26998 | Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS) | CWE-770 | 4.4 | Medium | 2026-03-05 |
| CVE-2026-25949 | Traefik: TCP readTimeout bypass via STARTTLS on Postgres | CWE-400 | 7.5 | High | 2026-02-12 |
| CVE-2026-22045 | Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | CWE-770 | 5.9 | Medium | 2026-01-15 |
| CVE-2025-66491 | Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider | CWE-295 | 5.9 | Medium | 2025-12-09 |
| CVE-2025-66490 | Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules | CWE-436 | 9.8 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-54386 | Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution | CWE-22 | 9.8 | - | 2025-08-01 |
| CVE-2025-47952 | Traefik allows path traversal using url encoding | CWE-22 | 9.1 (AI) | Critical (AI) | 2025-05-30 |
| CVE-2025-32431 | Traefik has a possible vulnerability with the path matchers | CWE-22 | 5.9 | - | 2025-04-21 |
| CVE-2024-52003 | X-Forwarded-Prefix Header still allows for Open Redirect in traefik | CWE-601 | 5.3 | - | 2024-11-29 |
| CVE-2024-45410 | HTTP client can remove the X-Forwarded headers in Traefik | CWE-345 | 9.8 | Critical | 2024-09-19 |
| CVE-2024-39321 | Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes | CWE-639 | 7.5 | High | 2024-07-05 |
| CVE-2024-28869 | Possible denial of service vulnerability with Content-length header in Traefik | CWE-755 | 7.5 | High | 2024-04-12 |
| CVE-2023-47633 | Uncontrolled Resource Consumption in Traefik | CWE-400 | 7.5 | High | 2023-12-04 |
| CVE-2023-47106 | Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik | CWE-20 | 4.8 | Medium | 2023-12-04 |
| CVE-2023-47124 | Denial of service whith ACME HTTPChallenge in Traefik | CWE-772 | 5.9 | Medium | 2023-12-04 |
| CVE-2023-29013 | HTTP header parsing could cause a deny of service | CWE-400 | 7.5 | High | 2023-04-14 |
| CVE-2022-46153 | Routes exposed with an empty TLSOption in traefik | CWE-295 | 8.1 | High | 2022-12-08 |
| CVE-2022-23469 | Authorization header displayed in the debug logs | CWE-200 | 3.5 | Low | 2022-12-08 |
| CVE-2022-39271 | Traefik HTTP/2 connections management could cause a denial of service | CWE-400 | 7.5 | High | 2022-10-11 |
| CVE-2022-23632 | Traefik skips the router TLS configuration when the host header is an FQDN | CWE-295 | 7.4 | High | 2022-02-17 |
| CVE-2021-32813 | Drop Headers via Malicious Connection Header | CWE-913 | 4.8 | Medium | 2021-08-03 |
| CVE-2020-15129 | Open redirect in Traefik | CWE-601 | 6.1 | Medium | 2020-07-30 |

All 29 known CVE vulnerabilities affecting traefik with full Chinese analysis, references, and POCs where available.