Security: traefik/traefik
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
-
TCP readTimeout bypass via STARTTLS on PostgresGHSA-89p3-4642-cr2w published
Feb 12, 2026 by nmenginHigh -
TLS ClientAuth Bypass on HTTP/3GHSA-gv8r-9rw9-9697 published
Feb 20, 2026 by nmenginHigh -
ACME TLS-ALPN fast path lacks timeouts and close on handshake stallGHSA-cwjm-3f7h-9hwq published
Jan 15, 2026 by nmenginModerate -
Inverted TLS Verification Logic in Kubernetes NGINX ProviderGHSA-7vww-mvcr-x6vj published
Dec 8, 2025 by nmenginModerate -
Path Normalization Bypass in Traefik Router + Middleware RulesGHSA-gm3x-23wp-hc2c published
Dec 8, 2025 by nmenginHigh -
Path Traversal in WASM Client PluginGHSA-q6gg-9f92-r9wg published
Aug 1, 2025 by emilevaugeHigh -
Path traversal still possible using url encodingGHSA-vrch-868g-9jx5 published
May 28, 2025 by nmenginLow -
Security Vulnerability: Go 1.23.x < 1.23.8 - HTTP Request Smuggling Vulnerability - 1.23.8GHSA-5423-jcjm-2gpv published
Apr 18, 2025 by emilevaugeCritical -
Fix CVE-2025-22868GHSA-3wqc-mwfx-672p published
Apr 18, 2025 by emilevaugeHigh -
Path Matchers VulnerabilityGHSA-6p68-w45g-48j7 published
Apr 21, 2025 by emilevaugeHigh