
github.com/traefik/traefik v2 vulnerabilities

47 known vulnerabilities affecting github.com/traefik/traefik (v2).

Total CVEs: 47
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 20, MEDIUM 21, LOW 1

Vulnerabilities

Page 2 of 3

Each row: CVE | priority | severity | (CVSS, where listed) | affected versions | date. Summaries are the truncated previews shown by the listing; "…" marks where a preview is cut off.
CVE-2026-26999 | P3 | HIGH | affected: ≥ 0, < 2.11.38 | 2026-03-04
CWE-400: Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
Impact: There is a potential vulnerability in Traefik managing TLS handshake on TCP routers. When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is complete …
Sources: GHSA, OSV
CVE-2022-23632 | P3 | HIGH | affected: ≥ 0, < 2.6.1 | 2022-02-16
CWE-295: Skip the router TLS configuration when the host header is an FQDN
Impact: People that configure mTLS between Traefik and clients. For a request, the TLS configuration choice can be different than the router choice, which implies the use of a wrong TLS configuration.
- When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls …
Sources: GHSA, OSV
CVE-2024-39321 | P3 | HIGH | affected: ≥ 0, < 2.11.6 | 2024-07-05
CWE-639: Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
Impact: There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.
Patches:
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/rel …
Sources: GHSA, OSV
CVE-2024-28869 | P3 | HIGH | affected: ≥ 0, < 2.11.2 | 2024-04-12
CWE-404: Traefik vulnerable to denial of service with Content-length header
There is a potential vulnerability in Traefik managing requests with `Content-length` and no `body`. Sending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.
Sources: GHSA, OSV
CVE-2026-22045 | P3 | MEDIUM | affected: ≥ 0, < 2.11.35 | 2026-01-15
CWE-770: Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall
Impact: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled. A malicious client can open many connections, send …
Sources: GHSA, OSV
CVE-2026-54761 | P3 | MEDIUM | affected: ≥ 0, ≤ 2.11.50 | 2026-06-17
CWE-284: Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
Summary: There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the `crossProviderNamespaces` allowlist. For `HTTPRoute` rules that declare multiple (WRR) backen …
Sources: GHSA
CVE-2021-32813 | P3 | MEDIUM | affected: ≥ 0, < 2.4.13 | 2021-08-05
CWE-913: Header dropping in traefik
Impact: There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse.
Details: If you have a chain of Traefik middlewares, and one of them sets a request header `Important …
Sources: GHSA, OSV
CVE-2025-66490 | P3 | MEDIUM | affected: ≥ 0, < 2.11.32 | 2025-12-08
CWE-436: Path Normalization Bypass in Traefik Router + Middleware Rules
Impact: There is a potential vulnerability in Traefik managing the requests using a `PathPrefix`, `Path` or `PathRegex` matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the following set **('/', '\', 'Null', ';', ' …
Sources: GHSA, OSV
CVE-2023-29013 | P3 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2.9.10 and ≥ 2.10.0-rc1, < 2.10.0-rc2 | 2023-04-11
CWE-400: Traefik HTTP header parsing could cause a denial of service
Impact: There is a vulnerability in [Go when parsing the HTTP headers](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ), which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.
Refer …
Sources: GHSA, OSV
CVE-2023-47633 | P3 | HIGH | affected: ≥ 0, < 2.10.6 | 2023-12-05
CWE-400: Traefik docker container using 100% CPU
Summary: The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration.
Details: While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information: `Host(traefik-service) | webwebsec …
Sources: GHSA, OSV
CVE-2026-29777 | P3 | MEDIUM | affected: ≥ 0, ≤ 2.11.40 | 2026-03-11
CWE-74: Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
Summary: There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection. A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query para …
Sources: GHSA, OSV
CVE-2023-47106 | P3 | MEDIUM | affected: ≥ 0, < 2.10.6 | 2023-12-05
CWE-177: Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Summary: When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend …
Sources: GHSA, OSV
CVE-2019-20894 | P3 | HIGH | affected: ≥ 0, < 2.2.2 | 2021-09-02
CWE-287: Improper Authentication
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Sources: GHSA, OSV
CVE-2022-39271 | P3 | HIGH | affected: ≥ 0, < 2.8.8 and ≥ 2.9.0-rc1, < 2.9.0-rc5 | 2022-10-10
CWE-400: Traefik HTTP/2 connections management could cause a denial of service
Impact: There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
Patches: Traefik v2.8.x: https://github.com/traefik/traefik/releases/tag/v2.8.8 …
Sources: GHSA, OSV
CVE-2022-23469 | P3 | LOW | affected: ≥ 0, < 2.9.6 | 2022-12-08
CWE-200: Traefik may display authorization header in the debug logs
Impact: There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses [oxy](https://github.com/vulcand/oxy) to provide the following features:
- Round Robin: https://doc.traefik.io/traefik/routing/services/#weighted-round-robin-service
- Buffering: https://doc.traefik.io/traefik/middlewares/ht …
Sources: GHSA, OSV
CVE-2022-46153 | P3 | MEDIUM | affected: ≥ 0, < 2.9.6 | 2022-12-08
CWE-295: Traefik routes exposed with an empty TLSOption
Impact: There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted [TLSOption](https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options) is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificat …
Sources: GHSA, OSV
CVE-2026-41174 | P3 | MEDIUM | affected: ≥ 0, < 2.11.43 | 2026-04-24
CWE-653: Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
Summary: There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When `providers.kubernetesCRD.allowCrossNamespace=false`, Traefik correctly rejects direct cross-namespace middleware references from `IngressRoute` objects, but fails to apply the same restriction …
Sources: GHSA
CVE-2026-32305 | P4 | HIGH | affected: ≥ 0, < 2.11.41 | 2026-03-20
CWE-287: Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
Summary: There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extr …
Sources: GHSA, OSV
CVE-2026-41181 | P4 | MEDIUM | affected: ≥ 0, < 2.11.44 | 2026-05-04
CWE-201: Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
Summary: There is a medium severity information disclosure vulnerability in Traefik's `errors` (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete head …
Sources: GHSA
CVE-2024-53259 | P4 | MEDIUM | CVSS 6.5 | affected: ≥ 0, < 2.11.15 | 2024-12-17
Traefik affected by CVE-2024-53259
There is a potential vulnerability in Traefik managing HTTP/3 connections. More details in the [CVE-2024-53259](https://nvd.nist.gov/vuln/detail/CVE-2024-53259).
Patches:
- https://github.com/traefik/traefik/releases/tag/v2.11.15
- https://github.com/traefik/traefik/releases/tag/v3.2.2
Workarounds: No workaround
For more information: If you have any questions or comments about this advisor …
Sources: GHSA, OSV
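The rows on this page are only useful if you can answer "is my deployed Traefik inside any of these ranges?", and doing that by eye across twenty bounds with pre-release sub-ranges is error-prone. The script below is an added example (not cvebase's or Traefik's code) that evaluates a Traefik version against the affected ranges exactly as they are printed above. It assumes the listing's notation (comma-separated bounds with ≥, ≤, <, >, two ranges for one advisory separated here by ";") and semver ordering in which a pre-release sorts before its release (2.10.0-rc1 < 2.10.0); the range strings are copied from this page, so a clean result covers only the advisories on page 2 of 3, not the whole catalogue.

```python
"""Check a Traefik v2 version against the affected ranges listed on this page.

Added example, not cvebase's or Traefik's own code. Assumptions:
  - bounds are written "≥ X, < Y" (ASCII >= / <= accepted); an advisory with
    two ranges has them joined with ";" below;
  - versions are MAJOR.MINOR.PATCH with an optional "-prerelease" suffix, and a
    pre-release sorts before the matching release (2.10.0-rc1 < 2.10.0);
  - only the advisories shown on page 2 of 3 are included.
"""
import operator
import re
from typing import Callable, List, Tuple

# (CVE, affected range) copied from the rows on this page.
ADVISORIES: List[Tuple[str, str]] = [
    ("CVE-2026-26999", "≥ 0, < 2.11.38"),
    ("CVE-2022-23632", "≥ 0, < 2.6.1"),
    ("CVE-2024-39321", "≥ 0, < 2.11.6"),
    ("CVE-2024-28869", "≥ 0, < 2.11.2"),
    ("CVE-2026-22045", "≥ 0, < 2.11.35"),
    ("CVE-2026-54761", "≥ 0, ≤ 2.11.50"),
    ("CVE-2021-32813", "≥ 0, < 2.4.13"),
    ("CVE-2025-66490", "≥ 0, < 2.11.32"),
    ("CVE-2023-29013", "≥ 0, < 2.9.10; ≥ 2.10.0-rc1, < 2.10.0-rc2"),
    ("CVE-2023-47633", "≥ 0, < 2.10.6"),
    ("CVE-2026-29777", "≥ 0, ≤ 2.11.40"),
    ("CVE-2023-47106", "≥ 0, < 2.10.6"),
    ("CVE-2019-20894", "≥ 0, < 2.2.2"),
    ("CVE-2022-39271", "≥ 0, < 2.8.8; ≥ 2.9.0-rc1, < 2.9.0-rc5"),
    ("CVE-2022-23469", "≥ 0, < 2.9.6"),
    ("CVE-2022-46153", "≥ 0, < 2.9.6"),
    ("CVE-2026-41174", "≥ 0, < 2.11.43"),
    ("CVE-2026-32305", "≥ 0, < 2.11.41"),
    ("CVE-2026-41181", "≥ 0, < 2.11.44"),
    ("CVE-2024-53259", "≥ 0, < 2.11.15"),
]

_BOUND_OPS = {
    "≥": operator.ge, ">=": operator.ge, ">": operator.gt,
    "≤": operator.le, "<=": operator.le, "<": operator.lt,
}


def _ident_key(ident: str) -> tuple:
    """Sort key for one pre-release identifier: numeric ones sort before
    alphanumeric ones, and 'rc10' must sort after 'rc2' (not lexicographically)."""
    if ident.isdigit():
        return (0, int(ident), "")
    m = re.fullmatch(r"([A-Za-z-]*)(\d*)", ident)
    if m and m.group(2):
        return (1, m.group(1), int(m.group(2)))
    return (1, ident, 0)


def parse_version(text: str) -> tuple:
    """Turn 'v2.10.0-rc1' into a tuple that compares in semver order."""
    m = re.fullmatch(r"[vV]?(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:-([0-9A-Za-z.-]+))?",
                     text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    major, minor, patch = (int(x or 0) for x in m.group(1, 2, 3))
    pre = m.group(4)
    # A release (key starts with 1) sorts after every pre-release (key starts
    # with 0) of the same MAJOR.MINOR.PATCH.
    pre_key = (1,) if pre is None else (0,) + tuple(_ident_key(i) for i in pre.split("."))
    return (major, minor, patch, pre_key)


def parse_range(text: str) -> List[List[Tuple[Callable, tuple]]]:
    """'≥ 0, < 2.9.10; ≥ 2.10.0-rc1, < 2.10.0-rc2' -> OR-list of AND-lists of bounds."""
    ranges = []
    for part in text.split(";"):
        bounds = []
        for clause in part.split(","):
            m = re.fullmatch(r"\s*(≥|>=|>|≤|<=|<)\s*(\S+)\s*", clause)
            if not m:
                raise ValueError(f"unparseable bound: {clause!r}")
            bounds.append((_BOUND_OPS[m.group(1)], parse_version(m.group(2))))
        ranges.append(bounds)
    return ranges


def version_in_range(version: str, range_text: str) -> bool:
    v = parse_version(version)
    return any(all(op(v, bound) for op, bound in bounds) for bounds in parse_range(range_text))


def affected_by(version: str) -> List[str]:
    """CVEs on this page whose affected range contains `version`."""
    return [cve for cve, rng in ADVISORIES if version_in_range(version, rng)]


if __name__ == "__main__":
    import sys
    for ver in sys.argv[1:] or ["v2.11.5", "2.10.0-rc1", "2.11.50", "2.11.51"]:
        hits = affected_by(ver)
        print(f"{ver}: {len(hits)} advisories on this page -> {', '.join(hits) or 'none'}")
```

Feed it the version string Traefik reports (`traefik version`, or the image tag) and treat a non-empty result as a patch backlog for the fix versions given in the corresponding rows. Note the "≤" rows (CVE-2026-54761, CVE-2026-29777) include the upper bound itself, so 2.11.50 is still flagged for CVE-2026-54761 while 2.11.51 is not, and the two rc-only sub-ranges (CVE-2023-29013, CVE-2022-39271) match exactly those release candidates and nothing after them.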