Package impact
Go / github.com/traefik/traefik
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39858 | critical | 10.0 | 10.0 | 1mo ago | Traefik: Pre-authentication decision bypass due to forwarded alias spoofing | |||
| CVE-2026-35051 | critical | 10.0 | 10.0 | 1mo ago | Traefik's ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass authentication | |||
| CVE-2026-44774 | critical | 9.9 | 9.9 | 20d ago | Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unauthorized exposure of the REST provider despite providers.rest.insecure=false | |||
| CVE-2026-41174 | medium | 6.4 | 6.4 | 1mo ago | Traefik Kubernetes CRD allows unauthorized cross-namespace middleware binding | |||
| CVE-2026-41263 | low | 3.7 | 3.7 | 1mo ago | Traefik: A timing side-channel vulnerability allows for valid username enumeration via BasicAuth middleware | |||
| CVE-2021-32813 | low | — | 2.5 | 5y ago | Header dropping in traefik in github.com/traefik/traefik |