CVE-2026-32595P4MEDIUM≥ 0, < 3.6.11·≥ 3.7.0-ea.1, < 3.7.0-ea.22026-03-20
CVE-2026-32595 [MEDIUM] CWE-208 Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
Traefik Affected by BasicAuth Middleware Timing Attack Allows Username Enumeration
## Summary
There is a potential vulnerability in Traefik's BasicAuth middleware that allows username enumeration via a timing attack.
When a submitted username exists, the middleware performs a bcrypt password comparison taking ~166ms. When the username does not exist, the response returns immediat
ghsaosv