CVE-2026-40910P2CRITICALCVSS 9.1≥ 0.43.0, < 0.68.1·fixed in 0.68.12026-04-21
CVE-2026-40910 [CRITICAL] CWE-287 CVE-2026-40910: frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTT
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backend, while the access control check uses credentials
nvd