SecAlerts
CVE ListPricingSign Up
traefik logo

traefik

Security Risk Profile

47
/100
medium

Security Risk Score

Comprehensive risk assessment based on 42 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from August 21, 2018 to present

42
Total CVEs
26
Critical+High
1
Exploited
2
Unpatched

Threat Assessment

Avg CVSS
7.2
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
2
Critical/High
Risk Level
47/100
medium
⚠️ 1 Active Exploits 1 Zero-Days📈 2 in Last 30 Days

Severity Distribution

Critical
4
High
22
Medium
16
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
8

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
3
2
Input Validation
1
3
Infoleak
1

Most Affected Products

1. Traefik traefik138
2. go/github.com/traefik/traefik/v343
3. go/github.com/traefik/traefik/v227
4. go/github.com/traefik/traefik16
5. Apache Tomcat14

Recent Vulnerabilities

See more →
CVE-2026-44774
CVSS 6.4medium

Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

5/13/2026
CVE-2026-41181
CVSS 6.9medium

Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

5/4/2026
CVE-2026-41263
CVSS 6.3medium

Traefik: BasicAuth middleware: timing side-channel vulnerability

4/24/2026
CVE-2026-41174
CVSS 4.8medium

Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

4/24/2026
CVE-2026-40912
CVSS 7.8high

Traefik: StripPrefixRegex auth bypass via Path/RawPath desync

4/24/2026
CVE-2026-39858
CVSS 7.8high

Traefik: Forwarded alias spoofing top pre-auth decision bypass

4/24/2026
CVE-2026-35051
CVSS 7.8high

Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth

4/24/2026
CVE-2026-33433
CVSS 5.1medium

Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField

3/27/2026
CVE-2026-32695
CVSS 6.3medium

Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

3/27/2026
CVE-2026-32595
CVSS 6.3EPSS 0%medium

Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

3/20/2026

Monitor traefik in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.