github.com/traefik/traefik vulnerabilities
25 known vulnerabilities affecting github.com/traefik_traefik.
Total CVEs: 25
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 11, MEDIUM 11
Vulnerabilities
CVE-2026-32305 | P4 | HIGH | Affected: ≥ 0, ≤ 1.7.34 | 2026-03-20
CVE-2026-32305 [HIGH] CWE-287 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
## Summary
There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets.
When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extr
Sources: GHSA, OSV
CVE-2020-9321 | P4 | MEDIUM | Affected: ≥ 0, < 2.1.4 | 2021-09-02
CVE-2020-9321 [MEDIUM] CWE-200 Traefik has an Improper Certificate Handling issue
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Sources: GHSA, OSV
CVE-2024-24788 | P4 | MEDIUM | CVSS 5.9 | Affected: ≥ 0, ≤ 1.7.34 | 2024-05-23
CVE-2024-24788 [MEDIUM] CWE-1395 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
### Impact
There is a vulnerability in [Go's handling of malformed DNS messages](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik.
This vulnerability could be exploited to cause a denial of service.
### References
- [CVE-2024-24788](https://www.cve.org/CVERecord?id=
Sources: GHSA, OSV
CVE-2026-41263 | P4 | MEDIUM | CVSS 6.3 | Affected: ≥ 0, ≤ 1.7.34 | 2026-04-24
CVE-2026-41263 [MEDIUM] CWE-208 Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
## Summary
There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences.
The variable intended to hold a constant-time fallback secret always re
Sources: GHSA
CVE-2026-32595 | P4 | MEDIUM | Affected: ≥ 0, ≤ 1.7.34 | 2026-03-20
CVE-2026-32595 [MEDIUM] CWE-208 Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
## Summary
There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack.
When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediat
Sources: GHSA, OSV