Package impact
Go / github.com/traefik/traefik/v2
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40912 | high | 8.2 | 8.2 | 1mo ago | Traefik has an StripPrefixRegex Middleware Authorization Bypass via Path/RawPath Desync | |||
| CVE-2026-41174 | medium | 6.4 | 6.4 | 1mo ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |||
| CVE-2026-41181 | medium | 5.8 | 5.8 | 20d ago | Traefik's errors middleware forwards Authorization and Cookie headers to separate error page service | |||
| CVE-2026-41263 | low | 3.7 | 3.7 | 1mo ago | Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware | |||
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik |