PT-2026-36177 · Traefik · Traefik

Zwique · Published 2026-04-22 · Updated 2026-06-05 · CVE-2026-35051

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Traefik versions prior to 2.11.43
Traefik versions prior to 3.6.14
Traefik versions prior to 3.7.0-rc.2

Description

An authentication bypass exists in the ForwardAuth middleware of Traefik, an HTTP reverse proxy and load balancer. This occurs when trustForwardHeader is set to false and the software is deployed behind a trusted upstream proxy.

Recommendations

Update to version 2.11.43.
Update to version 3.6.14.
Update to version 3.7.0-rc.2.

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related Identifiers

BDU:2026-06479
CVE-2026-35051
GHSA-6384-M2MW-RF54
OPENSUSE-SU-2026:10697-1
OPENSUSE-SU-2026:10698-1

Affected Products

Traefik