CVE-2026-35051— Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35051
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth
Source: NVD (National Vulnerability Database)
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对数据真实性的验证不充分
Source: NVD (National Vulnerability Database)
Vulnerability Title
Traefik 数据伪造问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Traefik是Traefik开源的一款反向代理与负载均衡工具。 Traefik 2.11.43之前版本、3.6.14之前版本和3.7.0-rc.2之前版本存在数据伪造问题漏洞,该漏洞源于ForwardAuth中间件在配置trustForwardHeader=false且部署在受信任上游代理后存在认证绕过漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35051
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35051
请登录查看更多情报信息。
- Release v3.6.14 · traefik/traefik · GitHubx_refsource_MISC
- Release v2.11.43 · traefik/traefik · GitHubx_refsource_MISC
- Release v3.7.0-rc.2 · traefik/traefik · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-35051
Same Patch Batch · traefik · 2026-04-30 · 5 CVEs total
| CVE-2026-41263 | Traefik: BasicAuth middleware: timing side-channel vulnerability | |
| CVE-2026-41174 | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |
| CVE-2026-39858 | Traefik: Forwarded alias spoofing top pre-auth decision bypass | |
| CVE-2026-40912 | Traefik: StripPrefixRegex auth bypass via Path/RawPath desync |
IV. Related Vulnerabilities
Same product: traefik
- CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-40912
Traefik: StripPrefixRegex auth bypass via Path/RawPath desyn - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa - CVE-2026-41174
Traefik Kubernetes CRD allows unauthorized cross-namespace m - CVE-2026-33433
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing
Same vendor: traefik
- CVE-2026-41263
Traefik: BasicAuth middleware: timing side-channel vulnerabi - CVE-2026-40912
Traefik: StripPrefixRegex auth bypass via Path/RawPath desyn - CVE-2026-39858
Traefik: Forwarded alias spoofing top pre-auth decision bypa - CVE-2026-41174
Traefik Kubernetes CRD allows unauthorized cross-namespace m - CVE-2026-33433
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing
Same weakness: CWE-345
- CVE-2026-42575
apko doesn't verify downloaded apk packages against APKINDEX - CVE-2026-41432
New API: Stripe Webhook Signature Bypass via Empty Secret En - CVE-2026-42206
Roadiz OpenID Connect nonce generated but never validated — - CVE-2026-31835
Vaultwarden WebAuthn credential metadata tampered before sig - CVE-2026-43534
OpenClaw < 2026.4.10 - Unsanitized External Input in Agent H
V. Comments for CVE-2026-35051
No comments yet