Security Advisory

CVE-2026-35051

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-30 20:26:06
Last updated 2026-06-30 12:09:05
Assigner GitHub_M
State PUBLISHED

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefiks ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.