TopVuln

High-risk vulnerability digests

CVE-2026-39858

  • HIGH

security-advisories@github.com

Details

CVSS v3
10.0
CVSS v4
7.8
NVD published
2026-04-30 21:16:32
EPSS
<0.1% probability · 18.9th percentile — 2026-05-12
Affected versions
Traefik versions prior to 2.11.43, 3.6.14, and 3.7.0-rc.2
Summary
Traefik is a widely used open-source HTTP reverse proxy and load balancer. This vulnerability exists because Traefik fails to sanitize forwarded header aliases that use underscores instead of dashes. Unauthenticated remote attackers can inject spoofed trust context and thereby bypass authentication controls on protected routes without valid credentials.
Remediation
Upgrade Traefik to one of the officially patched versions 2.11.43, 3.6.14, or 3.7.0-rc.2 immediately. Restrict public access to vulnerable Traefik instances until the update can be applied.
Exploit info
Exploit details for this issue have been publicly disclosed and are referenced in trusted public vulnerability databases. Exploit-DB or GitHub may carry further details.

View on NVD

TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.