Vulnerabilities in traefik

41 results
CVE-2026-26998 | MEDIUM | Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS) | EPSS 0.5%
CVE-2026-33433 | MEDIUM | Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField | EPSS 0.4%
CVE-2026-41181 | MEDIUM | Traefik: Errors middleware forwards Authorization and Cookie headers to separate error page service | EPSS 0.4%
CVE-2026-44774 | MEDIUM | Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false | EPSS 0.4%
CVE-2023-54365 | HIGH | Traefik - Denial of Service via HTTP/2 Request Handling | EPSS 0.4%
CVE-2026-32695 | MEDIUM | Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass | EPSS 0.4%
CVE-2026-29054 | HIGH | Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) | EPSS 0.4%
CVE-2024-52003 | MEDIUM | X-Forwarded-Prefix Header still allows for Open Redirect in traefik | EPSS 0.4%
CVE-2026-32595 | MEDIUM | Traefik: BasicAuth Middleware Timing Attack Allows Username Enumeration | EPSS 0.4%
CVE-2026-54761 | MEDIUM | Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services | EPSS 0.4%
CVE-2026-41263 | MEDIUM | Traefik: BasicAuth middleware: timing side-channel vulnerability | EPSS 0.4%
CVE-2025-66490 | MEDIUM | Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules | EPSS 0.3%
CVE-2026-22045 | MEDIUM | Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall | EPSS 0.3%
CVE-2026-32305 | HIGH | Traefik mTLS bypass via fragmented ClientHello SNI extraction failure | EPSS 0.3%
CVE-2026-29777 | MEDIUM | Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | EPSS 0.3%
CVE-2026-35051 | HIGH | Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth | EPSS 0.3%
CVE-2026-41174 | MEDIUM | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | EPSS 0.3%
CVE-2026-53622 | HIGH | Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts | EPSS 0.2%
CVE-2026-48491 | HIGH | Traefik: SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass | EPSS 0.2%
CVE-2025-66491 | MEDIUM | Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider | EPSS 0.2%