cvebase

Github.Com Traefik Traefik vulnerabilities

25 known vulnerabilities affecting github.com/traefik_traefik.

Total CVEs: 25
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 11, MEDIUM 11

Vulnerabilities

Page 2 of 2
CVE-2026-32305 | P4 | HIGH | ≥ 0, ≤ 1.7.34 | 2026-03-20
CVE-2026-32305 [HIGH] CWE-287 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
## Summary
There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extr
ghsa, osv
CVE-2020-9321 | P4 | MEDIUM | ≥ 0, < 2.1.4 | 2021-09-02
CVE-2020-9321 [MEDIUM] CWE-200 Traefik has an Improper Certificate Handling issue
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
ghsa, osv
CVE-2024-24788 | P4 | MEDIUM | CVSS 5.9 | ≥ 0, ≤ 1.7.34 | 2024-05-23
CVE-2024-24788 [MEDIUM] CWE-1395 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
### Impact
There is a vulnerability in [GO managing malformed DNS message](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik. This vulnerability could be exploited to cause a denial of service.
### References
- [CVE-2024-24788](https://www.cve.org/CVERecord?id=
ghsa, osv
CVE-2026-41263 | P4 | MEDIUM | CVSS 6.3 | ≥ 0, ≤ 1.7.34 | 2026-04-24
CVE-2026-41263 [MEDIUM] CWE-208 Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware
## Summary
There is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to hold a constant-time fallback secret always re
ghsa
CVE-2026-32595 | P4 | MEDIUM | ≥ 0, ≤ 1.7.34 | 2026-03-20
CVE-2026-32595 [MEDIUM] CWE-208 Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
## Summary
There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediat
ghsa, osv