github.com/traefik/traefik/v2
Go | 29 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/traefik/traefik/v2
- CVE-2019-20894 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.2.2 | 2020-07-02
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
- CVE-2020-15129 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.3.0-rc6 | 2020-07-30
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of …
- CVE-2021-32813 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.4.13 | 2021-08-03
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a…
- CVE-2022-23469 | LOW | CVSS 3.5 | EG 3.5 | ✓ Fixed in 2.9.6 | 2022-12-08
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to…
- CVE-2022-23632 | HIGH | CVSS 7.4 | EG 7.4 | ✓ Fixed in 2.6.1 | 2022-02-17
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a request, the TLS configur…
- CVE-2022-39271 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.9.0-rc5 | 2022-10-11
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang…
- CVE-2022-46153 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 2.9.6 | 2022-12-08
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty T…
- CVE-2023-29013 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.10.0-rc2 | 2023-04-14
vulnerable: 2.10.0-rc1
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantiall…
- CVE-2023-47106 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 2.10.6 | 2023-12-04
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the…
- CVE-2023-47124 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.10.6 | 2023-12-04
Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be…
- CVE-2023-47633 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.10.6 | 2023-12-04
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default co…
- CVE-2024-28869 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.11.2 | 2024-04-12
Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the "Content-length" request header results in an indefinite hang with the default configuration. This vulnerabilit…
- CVE-2024-39321 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.11.6 | 2024-07-05
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addre…
- CVE-2024-45410 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.11.9 | 2024-09-19
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a…
- CVE-2024-52003 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.11.14 | 2024-11-29
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in version…
- CVE-2025-54386 | CRITICAL | CVSS 9.8 | EG 9.8 | ✓ Fixed in 2.11.28 | 2025-08-02
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a malicious…
- CVE-2025-66490 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 2.11.32 | 2025-12-09
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, request…
- CVE-2025-66491 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-12-09
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backe…
- CVE-2026-22045 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.11.35 | 2026-01-15
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.35 and 3.6.7, there is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie…
- CVE-2026-25949 | HIGH | CVSS 7.5 | EG 7.5 | 2026-02-12
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending…
- CVE-2026-32695 | HIGH | CVSS 7.7 | EG 7.7 | 2026-03-27
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 3.6.11 and 3.7.0-ea.2, Traefik's Knative provider builds router rules by interpolating user-controlled values into backtick-delimited rule expressions without escaping. …
- CVE-2026-33433 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.11.42 | 2026-03-27
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated …
- CVE-2026-35051 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 2.11.43 | 2026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Trae…
- CVE-2026-39858 | CRITICAL | CVSS 10.0 | EG 10.0 | ✓ Fixed in 2.11.43 | 2026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traef…
- CVE-2026-40912 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 2.11.43 | 2026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware when used in combination with Forw…
- CVE-2026-41174 | MEDIUM | CVSS 6.4 | EG 6.4 | ✓ Fixed in 2.11.43 | 2026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetes…
- CVE-2026-41181 | MEDIUM | CVSS 5.8 | EG 5.8 | ✓ Fixed in 2.11.44 | 2026-05-15
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. When the backend returns a response matchin…
- CVE-2026-41263 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 2.11.43 | 2026-04-30
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames thro…
- CVE-2026-44774 | CRITICAL | CVSS 9.9 | EG 9.9 | ✓ Fixed in 2.11.46 | 2026-05-15
Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the REST provider handler, bypassing the provi…