
traefik — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting traefik. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Traefik is an open-source edge router and reverse proxy designed to simplify the deployment of microservices by automatically discovering and configuring backend services. Its architecture centres on dynamic configuration, which lets it integrate with container orchestration platforms such as Docker and Kubernetes. Historically, the software has been affected by several critical vulnerability classes, including remote code execution, path traversal, and privilege escalation flaws. These issues often stem from improper input validation or insufficient access controls in its HTTP middleware and entry point configurations. Across its thirty-three recorded CVEs, recent advisories have highlighted unauthorized access to the dashboard and denial-of-service conditions. While the project maintains an active security response process, the volume of disclosed flaws underscores the complexity of managing dynamic routing logic in distributed environments, and calls for diligent patching and strict configuration hygiene to limit exposure.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41263 | Traefik: BasicAuth middleware: timing side-channel vulnerability | traefik | CWE-208 | 3.7 | - | 2026-04-30 |
| CVE-2026-40912 | Traefik: StripPrefixRegex auth bypass via Path/RawPath desync | traefik | CWE-706 | 8.2 | - | 2026-04-30 |
| CVE-2026-39858 | Traefik: Forwarded alias spoofing top pre-auth decision bypass | traefik | CWE-290 | 9.8 | - | 2026-04-30 |
| CVE-2026-35051 | Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth | traefik | CWE-345 | 9.1 | - | 2026-04-30 |
| CVE-2026-41174 | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | traefik | CWE-863 | 9.3 | - | 2026-04-30 |
| CVE-2026-33433 | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | traefik | CWE-290 | 8.1 | - | 2026-03-27 |
| CVE-2026-32695 | Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass | traefik | CWE-74 | 10.0 | - | 2026-03-27 |
| CVE-2026-32595 | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration | traefik | CWE-208 | 3.7 | - | 2026-03-20 |
| CVE-2026-32305 | Traefik mTLS bypass via fragmented ClientHello SNI extraction failure | traefik | CWE-287 | 7.5 | - | 2026-03-20 |
| CVE-2026-29777 | Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | traefik | CWE-74 | 5.4 | Medium (AI) | 2026-03-11 |
| CVE-2026-29054 | Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) | traefik | CWE-178 | 7.5 | High | 2026-03-05 |
| CVE-2026-26999 | Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DoS) | traefik | CWE-400 | 7.5 | High | 2026-03-05 |
| CVE-2026-26998 | Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service (DoS) | traefik | CWE-770 | 4.4 | Medium | 2026-03-05 |
| CVE-2026-25949 | Traefik: TCP readTimeout bypass via STARTTLS on Postgres | traefik | CWE-400 | 7.5 | High | 2026-02-12 |
| CVE-2026-22045 | Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | traefik | CWE-770 | 5.9 | Medium | 2026-01-15 |
| CVE-2025-66491 | Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider | traefik | CWE-295 | 5.9 | Medium | 2025-12-09 |
| CVE-2025-66490 | Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules | traefik | CWE-436 | 9.8 | Critical (AI) | 2025-12-09 |
| CVE-2025-54386 | Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution | traefik | CWE-22 | 9.8 | - | 2025-08-01 |
| CVE-2025-47952 | Traefik allows path traversal using url encoding | traefik | CWE-22 | 9.1 | Critical (AI) | 2025-05-30 |
| CVE-2025-32431 | Traefik has a possible vulnerability with the path matchers | traefik | CWE-22 | 5.9 | - | 2025-04-21 |
| CVE-2024-52003 | X-Forwarded-Prefix Header still allows for Open Redirect in traefik | traefik | CWE-601 | 5.3 | - | 2024-11-29 |
| CVE-2024-45410 | HTTP client can remove the X-Forwarded headers in Traefik | traefik | CWE-345 | 9.8 | Critical | 2024-09-19 |
| CVE-2024-39321 | Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes | traefik | CWE-639 | 7.5 | High | 2024-07-05 |
| CVE-2024-28869 | Possible denial of service vulnerability with Content-length header in Traefik | traefik | CWE-755 | 7.5 | High | 2024-04-12 |
| CVE-2023-47633 | Uncontrolled Resource Consumption in Traefik | traefik | CWE-400 | 7.5 | High | 2023-12-04 |
| CVE-2023-47106 | Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik | traefik | CWE-20 | 4.8 | Medium | 2023-12-04 |
| CVE-2023-47124 | Denial of service with ACME HTTPChallenge in Traefik | traefik | CWE-772 | 5.9 | Medium | 2023-12-04 |
| CVE-2023-29013 | HTTP header parsing could cause a denial of service | traefik | CWE-400 | 7.5 | High | 2023-04-14 |
| CVE-2022-46153 | Routes exposed with an empty TLSOption in traefik | traefik | CWE-295 | 8.1 | High | 2022-12-08 |
| CVE-2022-23469 | Authorization header displayed in the debug logs | traefik | CWE-200 | 3.5 | Low | 2022-12-08 |

A severity marked (AI) is shown on the listing as an AI-assessed rating; "-" means no severity is shown for that entry.

This page lists every published CVE security advisory associated with traefik. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.