Github.com/traefik/traefik/v2

This hub aggregates every CVE we track for Github.com/traefik/traefik/v2, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Github.com/traefik/traefik/v2.

• CVE-2026-29777Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values6.5Mar 11, 2026
• CVE-2026-29054Traefik: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`)7.5Mar 5, 2026
• CVE-2026-26999Traefik: tcp router clears read deadlines before tls forwarding, enabling stalled handshakes (slowloris doS)7.5Mar 5, 2026
• CVE-2026-26998Traefik: unbounded io.ReadAll on auth server response body causes OOM denial of service(DOS)4.4Mar 5, 2026
• CVE-2026-22045Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall5.9Jan 15, 2026
• CVE-2025-66490Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules6.5Dec 9, 2025
• CVE-2025-54386Traefik's Client Plugin is Vulnerable to Path Traversal, Arbitrary File Overwrites and Remote Code Execution9.8Aug 1, 2025
• CVE-2025-47952Traefik allows path traversal using url encoding9.1May 30, 2025
• CVE-2025-32431Traefik has a possible vulnerability with the path matchers9.1Apr 21, 2025
• CVE-2024-52003X-Forwarded-Prefix Header still allows for Open Redirect in traefik6.1Nov 29, 2024
• CVE-2024-45410HTTP client can remove the X-Forwarded headers in Traefik9.8Sep 19, 2024
• CVE-2024-39321Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes7.5Jul 5, 2024
• CVE-2024-28869Possible denial of service vulnerability with Content-length header in Traefik7.5Apr 12, 2024
• CVE-2023-47633Uncontrolled Resource Consumption in Traefik7.5Dec 4, 2023
• CVE-2023-47106Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik4.8Dec 4, 2023