Where
-Infinity
0

Trending

Last week
Last month
Last year

Traefik traefikTraefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false

Risk 82
Severity
6.4
First published (updated )
CVE-2026-44774

Traefik traefikTraefik: Errors middleware forwards Authorization and Cookie headers to separate error page service

Risk 33
Severity
6.9
First published (updated )
CVE-2026-41181

Traefik traefikTraefik: BasicAuth middleware: timing side-channel vulnerability

Risk 30
Severity
6.3
First published (updated )
CVE-2026-41263

Traefik traefikTraefik Kubernetes CRD allows unauthorized cross-namespace middleware binding

Risk 39
Severity
4.8
First published (updated )
CVE-2026-41174

Traefik traefikTraefik: StripPrefixRegex auth bypass via Path/RawPath desync

Risk 54
Severity
7.8
First published (updated )
CVE-2026-40912
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Traefik traefikTraefik: Forwarded alias spoofing top pre-auth decision bypass

Risk 73
Severity
7.8
First published (updated )
CVE-2026-39858

Traefik traefikTraefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth

Risk 73
Severity
7.8
First published (updated )
CVE-2026-35051

Traefik traefikTraefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField

Risk 79
Severity
5.1
First published (updated )
CVE-2026-33433

Traefik traefikTraefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass

Risk 44
Severity
6.3
First published (updated )
CVE-2026-32695

Traefik traefikTraefik: BasicAuth Middleware Timing Attack Allows Username Enumeration

Risk 21
Severity
6.3
EPSS
0.01%
First published (updated )
CVE-2026-32595
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Traefik traefikTraefik mTLS bypass via fragmented ClientHello SNI extraction failure

Risk 46
Severity
7.8
EPSS
0.05%
First published (updated )
CVE-2026-32305

go/github.com/traefik/traefik/v3Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values

Risk 27
Severity
6.1
EPSS
0.01%
First published (updated )
CVE-2026-29777

Traefik traefikTraefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)

Risk 31
Severity
7.5
EPSS
0.01%
First published (updated )
CVE-2026-29054

Traefik traefikTraefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS)

Risk 43
Severity
7.5
First published (updated )
CVE-2026-26999

Traefik traefikTraefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS)

Risk 26
Severity
4.4
First published (updated )
CVE-2026-26998
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

go/github.com/traefik/traefik/v3Traefik: TCP readTimeout bypass via STARTTLS on Postgres

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-25949

Traefik traefikTraefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall

Risk 31
Severity
7.5
EPSS
0.02%
First published (updated )
CVE-2026-22045

go/github.com/traefik/traefik/v3Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider

Risk 35
Severity
5.9
First published (updated )
CVE-2025-66491

Traefik Traefik GoTraefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules

Risk 43
Severity
6.9
First published (updated )
CVE-2025-66490

Apache Tomcat- Rapid Reset HTTP/2 vulnerability

Risk 65
Severity
7.5
Exploited
Zeroday
First published (updated )
CVE-2023-44487
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Traefik traefikDrop Headers via Malicious Connection Header

Risk 75
Severity
8.1
First published (updated )
CVE-2021-32813

Traefik traefikconfigurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of ce…

Risk 43
Severity
7.5
First published (updated )
CVE-2020-9321

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203