Traffic server

This hub aggregates every CVE we track for Traffic server, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Traffic server.

• CVE-2025-65114Apache Traffic Server: Malformed chunked message body allows request smuggling7.5Apr 2, 2026
• CVE-2025-58136Apache Traffic Server: A simple legitimate POST request causes a crash7.5Apr 2, 2026
• CVE-2025-31698Apache Traffic Server: Client IP address from PROXY protocol is not used for ACL7.5Jun 19, 2025
• CVE-2025-49763Apache Traffic Server: Remote DoS via memory exhaustion in ESI Plugin7.5Jun 19, 2025
• CVE-2024-53868Apache Traffic Server: Malformed chunked message body allows request smuggling7.5Apr 3, 2025
• CVE-2024-38311Apache Traffic Server: Request smuggling via pipelining after a chunked message body6.3Mar 6, 2025
• CVE-2024-56195Apache Traffic Server: Intercept plugins are not access controlled6.3Mar 6, 2025
• CVE-2024-56196Apache Traffic Server: ACL is not fully compatible with older versions6.3Mar 6, 2025
• CVE-2024-56202Apache Traffic Server: Expect header field can unreasonably retain resource4.3Mar 6, 2025
• CVE-2018-9481In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no addit...6.5Nov 20, 2024
• CVE-2024-50306Apache Traffic Server: Server process can fail to drop privilege9.1Nov 14, 2024
• CVE-2024-50305Apache Traffic Server: Valid Host field value can cause crashes7.5Nov 14, 2024
• CVE-2024-38479Apache Traffic Server: Cache key plugin is vulnerable to cache poisoning attack7.5Nov 14, 2024
• CVE-2023-38522Apache Traffic Server: Incomplete field name check allows request smuggling7.5Jul 26, 2024
• CVE-2024-35296Apache Traffic Server: Invalid Accept-Encoding can force forwarding requests8.2Jul 26, 2024