github.com/traefik/traefik/v2 vulnerabilities
47 known vulnerabilities affecting github.com/traefik_traefik_v2.
Total CVEs: 47
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 20, MEDIUM 21, LOW 1
Vulnerabilities
Page 2 of 3
CVE-2026-26999 | P3 | HIGH | affected: ≥ 0, < 2.11.38 | 2026-03-04
CVE-2026-26999 [HIGH] CWE-400 Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (Slowloris DOS)
## Impact
There is a potential vulnerability in Traefik managing TLS handshake on TCP routers.
When Traefik processes a TLS connection on a TCP router, the read deadline used to bound protocol sniffing is cleared before the TLS handshake is complete
Sources: GHSA, OSV
CVE-2022-23632 | P3 | HIGH | affected: ≥ 0, < 2.6.1 | 2022-02-16
CVE-2022-23632 [HIGH] CWE-295 Skip the router TLS configuration when the host header is an FQDN
### Impact
Affected: deployments that configure mTLS between Traefik and clients.
For a given request, the TLS configuration selected can differ from the router selected, so the request is served with the wrong TLS configuration.
- When sending a request using FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls
Sources: GHSA, OSV
CVE-2024-39321 | P3 | HIGH | affected: ≥ 0, < 2.11.6 | 2024-07-05
CVE-2024-39321 [HIGH] CWE-639 Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
### Impact
There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.
### Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/rel
Sources: GHSA, OSV
CVE-2024-28869 | P3 | HIGH | affected: ≥ 0, < 2.11.2 | 2024-04-12
CVE-2024-28869 [HIGH] CWE-404 Traefik vulnerable to denial of service with Content-length header
There is a potential vulnerability in Traefik managing requests that carry a `Content-Length` header but no body.
Sending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.
Sources: GHSA, OSV
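The hang described for CVE-2024-28869 comes down to a body read with no deadline. The Go program below is an added example, not Traefik's code or its fix: it stands up a local net/http server whose handler drains the request body, sends it a request that declares `Content-Length: 10` and never delivers the body (constructed attacker traffic), and shows that with Go's default of no `ReadTimeout` the handler stays blocked, while a `ReadTimeout` turns the stalled read into an error the handler can act on. Function and scenario names are the example's own.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newServer starts a local test server whose handler drains the request body
// and reports the outcome of that read on the returned channel. With
// readTimeout == 0 (Go's net/http default) the hazard is reproduced: the body
// read waits for bytes that never come, as long as the client keeps the
// connection open. Added example, not Traefik's code.
func newServer(readTimeout time.Duration) (*httptest.Server, <-chan error) {
	outcome := make(chan error, 1)
	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, err := io.ReadAll(r.Body) // blocks until body, deadline or close
		outcome <- err
		w.WriteHeader(http.StatusNoContent)
	})
	srv := httptest.NewUnstartedServer(handler)
	// ReadTimeout bounds reading of the entire request, body included, so a
	// stalled body read fails with an i/o timeout instead of hanging.
	srv.Config.ReadTimeout = readTimeout
	srv.Start()
	return srv, outcome
}

// sendHeadersOnly is the constructed attacker: the request promises ten body
// bytes, never sends them, and the connection is kept open.
func sendHeadersOnly(addr string) (net.Conn, error) {
	conn, err := net.Dial("tcp", addr)
	if err != nil {
		return nil, err
	}
	_, err = fmt.Fprintf(conn, "GET / HTTP/1.1\r\nHost: %s\r\nContent-Length: 10\r\n\r\n", addr)
	if err != nil {
		conn.Close()
		return nil, err
	}
	return conn, nil
}

// probe runs one scenario and classifies what the handler observed within
// wait: "read failed" (the deadline fired), "body read completed", or
// "handler still blocked" (the denial-of-service condition).
func probe(readTimeout, wait time.Duration) string {
	srv, outcome := newServer(readTimeout)
	defer srv.Close()
	conn, err := sendHeadersOnly(srv.Listener.Addr().String())
	if err != nil {
		return "dial error: " + err.Error()
	}
	defer conn.Close() // runs before srv.Close, which unblocks a stuck handler
	select {
	case err := <-outcome:
		if err != nil {
			return "read failed"
		}
		return "body read completed"
	case <-time.After(wait):
		return "handler still blocked"
	}
}

func main() {
	fmt.Println("no ReadTimeout:    ", probe(0, 700*time.Millisecond))
	fmt.Println("ReadTimeout=200ms: ", probe(200*time.Millisecond, 3*time.Second))
}
```

The same pattern applies to any proxy in front of the backend: whatever reads or forwards the body must do so under a deadline owned by the connection, not by the goroutine waiting on it.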
CVE-2026-22045 | P3 | MEDIUM | affected: ≥ 0, < 2.11.35 | 2026-01-15
CVE-2026-22045 [MEDIUM] CWE-770 Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall
## Impact
There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled.
A malicious client can open many connections, send
Sources: GHSA, OSV
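CVE-2026-26999 and CVE-2026-22045 above are two variations of the same omission: a read deadline that is cleared, or never set, before the TLS handshake has finished. The Go program below is an added example, not Traefik's code: `handshakeWithDeadline` keeps a deadline on the raw connection through `tls.Server(...).Handshake()` and clears it only afterwards, and `runScenario` exercises it over a loopback socket against a constructed peer that sends nothing and against an honest client. The self-signed certificate is generated in-process so the example runs offline; all names are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedConfig makes a throwaway server certificate so the example runs offline.
func selfSignedConfig() (*tls.Config, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}, nil
}

// handshakeWithDeadline keeps a read deadline on the raw connection for the
// whole TLS handshake and clears it only once the handshake has completed, so
// a peer that sends nothing, or stops part-way through its ClientHello, is
// dropped after d instead of holding a goroutine and a descriptor.
func handshakeWithDeadline(raw net.Conn, cfg *tls.Config, d time.Duration) (*tls.Conn, error) {
	if err := raw.SetReadDeadline(time.Now().Add(d)); err != nil {
		return nil, err
	}
	tc := tls.Server(raw, cfg)
	if err := tc.Handshake(); err != nil {
		raw.Close() // release the descriptor; nothing is left waiting on it
		return nil, err
	}
	// Only now is an unbounded connection handed to the proxying stage.
	return tc, raw.SetReadDeadline(time.Time{})
}

// isTimeout reports whether err is the read deadline firing.
func isTimeout(err error) bool {
	var ne net.Error
	return errors.As(err, &ne) && ne.Timeout()
}

// stalledPeer is the constructed attacker: connect, send nothing, and hold
// the socket open until the server side has given up.
func stalledPeer(c net.Conn, serverDone <-chan struct{}) error {
	<-serverDone
	return nil
}

// honestPeer runs a normal client handshake; InsecureSkipVerify only because
// the certificate is self-signed.
func honestPeer(c net.Conn, serverDone <-chan struct{}) error {
	err := tls.Client(c, &tls.Config{ServerName: "example.test", InsecureSkipVerify: true}).Handshake()
	<-serverDone
	return err
}

// runScenario serves one loopback connection through handshakeWithDeadline
// while peer drives the client side, and returns both sides' errors.
func runScenario(d time.Duration, peer func(net.Conn, <-chan struct{}) error) (serverErr, peerErr error) {
	cfg, err := selfSignedConfig()
	if err != nil {
		return err, nil
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err, nil
	}
	defer ln.Close()
	serverDone, peerDone := make(chan struct{}), make(chan error, 1)
	go func() {
		c, err := net.Dial("tcp", ln.Addr().String())
		if err == nil {
			defer c.Close()
			err = peer(c, serverDone)
		}
		peerDone <- err
	}()
	raw, err := ln.Accept()
	if err == nil {
		_, err = handshakeWithDeadline(raw, cfg, d)
		defer raw.Close() // harmless after a failed handshake, which already closed it
	}
	close(serverDone)
	return err, <-peerDone
}

func main() {
	s, p := runScenario(200*time.Millisecond, stalledPeer)
	fmt.Printf("stalled peer: server=%v peer=%v timeout=%v\n", s, p, isTimeout(s))
	s, p = runScenario(5*time.Second, honestPeer)
	fmt.Printf("honest peer:  server=%v peer=%v\n", s, p)
}
```

The point of the ordering is that protocol sniffing, ACME challenge detection and the handshake itself all happen before any bytes are trusted, so the deadline that covers them has to outlive them; clearing it after the sniff but before `Handshake` returns recreates the stall.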
CVE-2026-54761 | P3 | MEDIUM | affected: ≥ 0, ≤ 2.11.50 | 2026-06-17
CVE-2026-54761 [MEDIUM] CWE-284 Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services
## Summary
There is a high severity vulnerability in Traefik's Kubernetes Gateway provider affecting the `crossProviderNamespaces` allowlist. For `HTTPRoute` rules that declare multiple (WRR) backen
Sources: GHSA
CVE-2021-32813 | P3 | MEDIUM | affected: ≥ 0, < 2.4.13 | 2021-08-05
CVE-2021-32813 [MEDIUM] CWE-913 Header dropping in traefik
# Impact
There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse.
# Details
If you have a chain of Traefik middlewares, and one of them sets a request header `Important
Sources: GHSA, OSV
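The Connection-header interaction described in CVE-2021-32813 is an ordering question. The Go example below (added here, not Traefik's code) implements the hop-by-hop removal an intermediary must perform and shows both orderings: stripping after a middleware has set a header lets a client-supplied `Connection: X-Authenticated-User` delete that header, while stripping first does not. The header name and the middleware are hypothetical, as is the client request.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// removeHopByHop drops the Connection header and every field it names, as
// RFC 7230 section 6.1 requires of an intermediary.
func removeHopByHop(h http.Header) {
	for _, v := range h.Values("Connection") {
		for _, name := range strings.Split(v, ",") {
			if name = strings.TrimSpace(name); name != "" {
				h.Del(name)
			}
		}
	}
	h.Del("Connection")
}

// addTrustedHeader stands in for a middleware that attaches a header the
// backend trusts; the header name is hypothetical, not a Traefik one.
func addTrustedHeader(h http.Header) {
	h.Set("X-Authenticated-User", "alice")
}

// forwardUnsafe reproduces the hazard: hop-by-hop removal runs after the
// middleware chain, so a client-supplied "Connection: X-Authenticated-User"
// deletes the header the middleware just set.
func forwardUnsafe(in http.Header) http.Header {
	out := in.Clone()
	addTrustedHeader(out)
	removeHopByHop(out)
	return out
}

// forwardSafe removes hop-by-hop headers before any middleware runs; the
// client's Connection field can then only strip the client's own headers.
func forwardSafe(in http.Header) http.Header {
	out := in.Clone()
	removeHopByHop(out)
	addTrustedHeader(out)
	return out
}

// clientHeaders is a constructed request: the client pre-sets the trusted
// header to a value of its choosing and lists it in Connection.
func clientHeaders() http.Header {
	return http.Header{
		"Accept":               {"application/json"},
		"Connection":           {"keep-alive, X-Authenticated-User"},
		"X-Authenticated-User": {"mallory"},
	}
}

func main() {
	fmt.Println("unsafe order:", forwardUnsafe(clientHeaders()).Get("X-Authenticated-User"))
	fmt.Println("safe order:  ", forwardSafe(clientHeaders()).Get("X-Authenticated-User"))
}
```

Whatever proxy library is in use, the check to make is where in its pipeline hop-by-hop stripping happens relative to the code that sets headers the backend trusts.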
CVE-2025-66490 | P3 | MEDIUM | affected: ≥ 0, < 2.11.32 | 2025-12-08
CVE-2025-66490 [MEDIUM] CWE-436 Path Normalization Bypass in Traefik Router + Middleware Rules
## Impact
There is a potential vulnerability in Traefik managing the requests using a `PathPrefix`, `Path` or `PathRegex` matcher.
When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted character from the following set **('/', '\', 'Null', ';', '
Sources: GHSA, OSV
CVE-2023-29013 | P3 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2.9.10; ≥ 2.10.0-rc1, < 2.10.0-rc2 | 2023-04-11
CVE-2023-29013 [HIGH] CWE-400 Traefik HTTP header parsing could cause a denial of service
### Impact
There is a vulnerability in [Go when parsing the HTTP headers](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ), which impacts Traefik.
HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.
### Refer
Sources: GHSA, OSV
CVE-2023-47633 | P3 | HIGH | affected: ≥ 0, < 2.10.6 | 2023-12-05
CVE-2023-47633 [HIGH] CWE-400 Traefik docker container using 100% CPU
### Summary
The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration.
### Details
While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information:
`Host(traefik-service) | webwebsec
Sources: GHSA, OSV
CVE-2026-29777 | P3 | MEDIUM | affected: ≥ 0, ≤ 2.11.40 | 2026-03-11
CVE-2026-29777 [MEDIUM] CWE-74 Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
## Summary
There is a potential vulnerability in Traefik's Kubernetes Gateway provider related to rule injection.
A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language via unsanitized header or query para
Sources: GHSA, OSV
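CVE-2026-29777 is an injection into a generated language. The Go example below (added here, not Traefik's code) builds a rule from tenant-supplied header match values in the v2 rule syntax, where literals are backtick-delimited (``Headers(`name`, `value`)``): plain concatenation lets a value end the literal and append a matcher, while the safe builder refuses any value containing a backtick. The example assumes the rule language offers no escape sequence for a backtick inside a literal, so refusal rather than escaping is the only safe treatment. `countMatchers` is a cheap audit for generated rules; the tenant value and the function names are the example's own.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// errBacktick: string literals in the rule language are backtick-delimited,
// and this example assumes no escape exists for a backtick inside one.
var errBacktick = errors.New("match value contains a backtick")

// headerRuleUnsafe reproduces the hazard: tenant-controlled values are
// concatenated straight into the rule text.
func headerRuleUnsafe(name, value string) string {
	return "Headers(`" + name + "`, `" + value + "`)"
}

// quote wraps v in backticks, refusing values that would end the literal.
func quote(v string) (string, error) {
	if strings.ContainsRune(v, '`') {
		return "", fmt.Errorf("%w: %q", errBacktick, v)
	}
	return "`" + v + "`", nil
}

// headerRuleSafe builds the same matcher with every literal validated.
func headerRuleSafe(name, value string) (string, error) {
	qn, err := quote(name)
	if err != nil {
		return "", err
	}
	qv, err := quote(value)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("Headers(%s, %s)", qn, qv), nil
}

// matcherCall recognises v2 matcher invocations; countMatchers lets a
// generator (or an audit over generated config) confirm a rule contains
// exactly the matchers it meant to emit and nothing smuggled in by a value.
var matcherCall = regexp.MustCompile(`\b(Host|HostRegexp|HostSNI|Path|PathPrefix|Headers|HeadersRegexp|Query|Method|ClientIP)\(`)

func countMatchers(rule string) int {
	return len(matcherCall.FindAllString(rule, -1))
}

func main() {
	// Constructed tenant input: closes the literal and appends a matcher
	// that widens the route to every path.
	injected := "acme`) || PathPrefix(`/"
	bad := headerRuleUnsafe("X-Tenant", injected)
	fmt.Printf("unsafe: %s  (matchers: %d)\n", bad, countMatchers(bad))
	if _, err := headerRuleSafe("X-Tenant", injected); err != nil {
		fmt.Println("safe:   rejected:", err)
	}
	good, _ := headerRuleSafe("X-Tenant", "acme")
	fmt.Printf("safe:   %s  (matchers: %d)\n", good, countMatchers(good))
}
```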
CVE-2023-47106 | P3 | MEDIUM | affected: ≥ 0, < 2.10.6 | 2023-12-05
CVE-2023-47106 [MEDIUM] CWE-177 Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
### Summary
When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query.
When this is combined with another frontend
Sources: GHSA, OSV
CVE-2019-20894 | P3 | HIGH | affected: ≥ 0, < 2.2.2 | 2021-09-02
CVE-2019-20894 [HIGH] CWE-287 Improper Authentication
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Sources: GHSA, OSV
CVE-2022-39271 | P3 | HIGH | affected: ≥ 0, < 2.8.8; ≥ 2.9.0-rc1, < 2.9.0-rc5 | 2022-10-10
CVE-2022-39271 [HIGH] CWE-400 Traefik HTTP/2 connections management could cause a denial of service
### Impact
There is a potential vulnerability in Traefik managing HTTP/2 connections.
A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
### Patches
Traefik v2.8.x: https://github.com/traefik/traefik/releases/tag/v2.8.8
Sources: GHSA, OSV
CVE-2022-23469 | P3 | LOW | affected: ≥ 0, < 2.9.6 | 2022-12-08
CVE-2022-23469 [LOW] CWE-200 Traefik may display authorization header in the debug logs
### Impact
There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs.
Traefik uses [oxy](https://github.com/vulcand/oxy) to provide the following features:
- Round Robin: https://doc.traefik.io/traefik/routing/services/#weighted-round-robin-service
- Buffering: https://doc.traefik.io/traefik/middlewares/ht
Sources: GHSA, OSV
CVE-2022-46153 | P3 | MEDIUM | affected: ≥ 0, < 2.9.6 | 2022-12-08
CVE-2022-46153 [MEDIUM] CWE-295 Traefik routes exposed with an empty TLSOption
## Impact
There is a potential vulnerability in Traefik managing the TLS connections.
A router configured with a malformed [TLSOption](https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options) is exposed with an empty TLSOption.
For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificat
Sources: GHSA, OSV
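CVE-2022-23632, CVE-2022-46153 and CVE-2019-20894 on this page share a failure mode: a router meant to require client certificates ends up served by a TLS configuration that does not. The Go example below (added here, not Traefik's code) contrasts a loader that silently skips client verification when the CA bundle yields no certificate with one that fails closed, and adds an audit that lists routers whose configuration would complete a handshake without a verified client certificate. The CA bundle inputs are constructed and the function names are the example's own.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"sort"
)

// clientAuthUnsafe reproduces the hazard: when the CA bundle yields no
// certificate, the branch that turns on client verification is skipped and
// the router is served with a config that accepts any client.
func clientAuthUnsafe(caPEM []byte) *tls.Config {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	pool := x509.NewCertPool()
	if pool.AppendCertsFromPEM(caPEM) {
		cfg.ClientCAs = pool
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
	}
	return cfg
}

var errNoCA = errors.New("client CA bundle contains no parsable certificate")

// clientAuthSafe fails closed: a bundle without a usable CA is a
// configuration error, and the router gets no TLS config at all.
func clientAuthSafe(caPEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errNoCA
	}
	return &tls.Config{MinVersion: tls.VersionTLS12, ClientCAs: pool, ClientAuth: tls.RequireAndVerifyClientCert}, nil
}

// requiresClientCert is the property an mTLS router must have.
func requiresClientCert(cfg *tls.Config) bool {
	return cfg != nil && cfg.ClientAuth == tls.RequireAndVerifyClientCert && cfg.ClientCAs != nil
}

// loadRoutersUnsafe builds per-router configs the lenient way.
func loadRoutersUnsafe(bundles map[string][]byte) map[string]*tls.Config {
	out := make(map[string]*tls.Config, len(bundles))
	for name, pem := range bundles {
		out[name] = clientAuthUnsafe(pem)
	}
	return out
}

// unauthenticatedRouters lists routers whose config would complete a
// handshake without a verified client certificate; run it before anything
// is exposed.
func unauthenticatedRouters(routers map[string]*tls.Config) []string {
	var out []string
	for name, cfg := range routers {
		if !requiresClientCert(cfg) {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// Constructed CA bundles: well-formed PEM armour around bytes that are not a
// certificate (a corrupted file), and an empty file.
var (
	brokenCA = []byte("-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n")
	emptyCA  = []byte("")
)

func main() {
	routers := loadRoutersUnsafe(map[string][]byte{"api-mtls": brokenCA, "admin-mtls": emptyCA})
	fmt.Println("routers exposed without client auth:", unauthenticatedRouters(routers))
	_, err := clientAuthSafe(brokenCA)
	fmt.Println("fail-closed loader:", err)
}
```

The audit is the piece worth keeping regardless of which loader a proxy uses: it asks the effective configuration whether it requires a client certificate, rather than trusting that the option it was built from said so.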
CVE-2026-41174 | P3 | MEDIUM | affected: ≥ 0, < 2.11.43 | 2026-04-24
CVE-2026-41174 [MEDIUM] CWE-653 Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding
## Summary
There is a vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement.
When `providers.kubernetesCRD.allowCrossNamespace=false`, Traefik correctly rejects direct cross-namespace middleware references from `IngressRoute` objects, but fails to apply the same restriction
Sources: GHSA
CVE-2026-32305 | P4 | HIGH | affected: ≥ 0, < 2.11.41 | 2026-03-20
CVE-2026-32305 [HIGH] CWE-287 Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config
## Summary
There is a potential vulnerability in Traefik's TLS SNI pre-sniffing logic related to fragmented ClientHello packets.
When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extr
Sources: GHSA, OSV
CVE-2026-41181 | P4 | MEDIUM | affected: ≥ 0, < 2.11.44 | 2026-05-04
CVE-2026-41181 [MEDIUM] CWE-201 Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service
## Summary
There is a medium severity information disclosure vulnerability in Traefik's `errors` (custom error pages) middleware. When the backend returns a response matching the configured status range, the middleware forwards the original request's complete head
Sources: GHSA
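CVE-2022-23469 (Authorization header in debug logs) and CVE-2026-41181 (Authorization and Cookie forwarded to the error-page service) are both cases of credential-bearing headers leaving the request path they belong to. The Go example below (added here, not Traefik's code) keeps one list of such headers and uses it twice: `redactForLog` renders headers for a debug line with their values masked, and `errorPageRequest` builds the request to a side service from a copy of the headers with those fields removed. The header list, the service URL and the sample request are constructed.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// credentialHeaders names request fields that carry secrets. Constructed
// list; a deployment adds whatever custom auth headers it relies on.
var credentialHeaders = []string{"Authorization", "Proxy-Authorization", "Cookie", "X-Api-Key"}

// stripCredentials returns a copy of h without credential-bearing fields,
// for any request built towards a side service (an error-page backend, say)
// that has no need of the client's secrets. The caller's headers are untouched.
func stripCredentials(h http.Header) http.Header {
	out := h.Clone()
	for _, name := range credentialHeaders {
		out.Del(name)
	}
	return out
}

// redactForLog renders headers for a debug log line with credential values
// replaced by a marker, so the secret never reaches the log store.
func redactForLog(h http.Header) string {
	secret := map[string]bool{}
	for _, n := range credentialHeaders {
		secret[http.CanonicalHeaderKey(n)] = true
	}
	names := make([]string, 0, len(h))
	for n := range h {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic output for log diffing and tests
	parts := make([]string, 0, len(names))
	for _, n := range names {
		v := strings.Join(h.Values(n), ", ")
		if secret[n] {
			v = "[redacted]"
		}
		parts = append(parts, n+": "+v)
	}
	return strings.Join(parts, "; ")
}

// errorPageRequest builds the request an error-page middleware would send to
// its error service, carrying the original headers minus credentials.
func errorPageRequest(orig *http.Request, target string) (*http.Request, error) {
	req, err := http.NewRequest(http.MethodGet, target, nil)
	if err != nil {
		return nil, err
	}
	req.Header = stripCredentials(orig.Header)
	return req, nil
}

// clientRequest is a constructed incoming request carrying a bearer token
// and a session cookie (both values are made up).
func clientRequest() *http.Request {
	req, _ := http.NewRequest(http.MethodGet, "http://app.example/orders/42", nil)
	req.Header.Set("Accept", "text/html")
	req.Header.Set("Authorization", "Bearer eyJhbGciOi.constructed.token")
	req.Header.Set("Cookie", "session=s3cr3t")
	return req
}

func main() {
	orig := clientRequest()
	fmt.Println("debug log:", redactForLog(orig.Header))
	ep, _ := errorPageRequest(orig, "http://errors.internal/404.html")
	fmt.Println("error-page request headers:", ep.Header)
}
```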
CVE-2024-53259 | P4 | MEDIUM | CVSS 6.5 | affected: ≥ 0, < 2.11.15 | 2024-12-17
CVE-2024-53259 [MEDIUM] Traefik affected by CVE-2024-53259
There is a potential vulnerability in Traefik managing HTTP/3 connections.
More details in the [CVE-2024-53259](https://nvd.nist.gov/vuln/detail/CVE-2024-53259).
## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.15
- https://github.com/traefik/traefik/releases/tag/v3.2.2
## Workarounds
No workaround
## For more information
If you have any questions or comments about this advisor
Sources: GHSA, OSV