Vulnerability in Traefik

CVE-2026-48020

Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.48, 3.6.19, and 3.7.3, there is a high severity vulnerability in Traefik's StripPrefix middleware that allows an unauthenticated attacker to bypass route-level authenticatio…

Affected products

Traefik — versions >= 3.7.0-ea.1, < 3.7.3, >= 3.0.0-beta1, < 3.6.19, < 2.11.48

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)