Vendor

Traefik

3 briefs RSS

Traefik Security Policy Bypass Vulnerability

A security policy bypass vulnerability exists in Traefik versions prior to v2.11.46, v3.6.x before v3.6.17, and v3.7.x before v3.7.1, allowing attackers to potentially circumvent intended access controls.

Traefik < 2.11.46 +2 security-policy-bypass vulnerability traefik

1r 1t May 12, 2026

high advisory

Traefik Data Confidentiality Vulnerability

2 rules 1 TTP

A vulnerability in Traefik allows an attacker to compromise the confidentiality of data, affecting versions v2.11.x prior to v2.11.44, v3.6.x prior to v3.6.15, and v3.7.0-rc.x prior to v3.7.0-rc.3.

Traefik vulnerability data-disclosure

2r 1t May 5, 2026

high advisory

Traefik ForwardAuth Authentication Bypass via X-Forwarded-Prefix Spoofing

2 rules 1 TTP

A high-severity authentication bypass vulnerability exists in Traefik's `ForwardAuth` middleware when `trustForwardHeader=false` is configured and Traefik is deployed behind a trusted upstream proxy; Traefik fails to sanitize the `X-Forwarded-Prefix` header, allowing attackers to spoof a trusted prefix value and gain unauthorized access to protected backend routes.

Traefik authentication-bypass webserver

2r 1t Jul 3, 2024