Traefik Path Matcher Vulnerability Bypasses Middleware

Vulnerability

A vulnerability exists in Traefik versions through 2.11.22, 3.3.5, and 3.4.0-rc1 that lets a request whose path contains '/../' bypass the middleware chain and reach the backend directly. It affects routers that use the PathPrefix, Path, or PathRegexp matchers: the traversal sequence is not normalized before route matching, so a request can be handled by a router (and its middleware set) other than the one that covers the path the backend actually serves.

Impact

Exploitation bypasses the middleware chain attached to a router (for example authentication, IP allow-listing or rate limiting), which can lead to unauthorized access to, or unauthorized actions on, backend services.

Reproduction

To reproduce this vulnerability, create an IngressRoute whose router uses a PathPrefix matcher and has a middleware attached (an authentication middleware makes the effect easiest to observe). Then send a request whose path contains '/../' and resolves, once the backend normalizes it, to a path under that prefix. The request reaches the backend service without the middleware being applied, because the router matches the path as sent rather than its normalized form.

Remediation

Update to Traefik versions 2.11.24, 3.3.6, or 3.4.0-rc2. If an immediate update is not possible, add a negated PathRegexp clause to the router rule so that requests with '/../' in the path match no route. Apply it to every router that can reach the affected service, not only the protected one, since the bypass goes through the router that lacks the middleware; after deploying it, verify with test requests that percent-encoded variants such as '%2e%2e' are rejected as well.
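The bypass described under Reproduction and the path check behind the Remediation workaround, as an added Go example that models the routing behaviour; it is not Traefik's code, and the router names, prefixes, middleware name, request paths and the `traversalRule` regular expression are assumptions chosen for illustration. Route selection is simplified to first match over a list, whereas Traefik orders routers by priority, and the fixed behaviour is modelled with `path.Clean` rather than by reproducing the actual patch.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"regexp"
	"strings"
)

// Router is a minimal model of a Traefik router: a PathPrefix rule plus the
// middleware chain attached to it. Names and prefixes are illustrative.
type Router struct {
	Name       string
	Prefix     string   // the PathPrefix(`...`) argument
	Middleware []string // e.g. an authentication middleware
}

// traversalRule is an assumed pattern for the workaround: a Go (RE2)
// regular expression, which is also the syntax Traefik's PathRegexp
// matcher accepts. It flags a ".." segment anywhere in the path.
var traversalRule = regexp.MustCompile(`(^|/)\.\.(/|$)`)

// HasTraversal reports whether the path contains a "/../"-style segment.
// The path is percent-decoded first so that "%2e%2e" counts as "..".
func HasTraversal(reqPath string) bool {
	decoded, err := url.PathUnescape(reqPath)
	if err != nil {
		return true // malformed escape: treat as suspicious
	}
	return traversalRule.MatchString(decoded)
}

// matchPrefix is a simplified PathPrefix: the prefix must cover whole
// segments, so "/admin" matches "/admin" and "/admin/x" but not "/administrator".
func matchPrefix(reqPath, prefix string) bool {
	prefix = strings.TrimSuffix(prefix, "/")
	return reqPath == prefix || strings.HasPrefix(reqPath, prefix+"/")
}

// Route returns the first router whose rule matches. With normalize=false the
// path is matched exactly as sent (the vulnerable behaviour); with
// normalize=true it is cleaned first (modelling the fixed behaviour).
func Route(reqPath string, routers []Router, normalize bool) (Router, bool) {
	matchPath := reqPath
	if normalize {
		matchPath = path.Clean(reqPath)
	}
	for _, r := range routers {
		if matchPrefix(matchPath, r.Prefix) {
			return r, true
		}
	}
	return Router{}, false
}

// BackendPath models a backend that decodes and normalizes the path it
// receives, as most HTTP servers do: "/public/../admin" becomes "/admin".
func BackendPath(reqPath string) string {
	decoded, err := url.PathUnescape(reqPath)
	if err != nil {
		decoded = reqPath
	}
	return path.Clean(decoded)
}

// Bypassed reports whether matching on the unnormalized path sends the
// request through a router without middleware to a backend path that a
// router with middleware was meant to protect.
func Bypassed(reqPath string, routers []Router) bool {
	raw, ok := Route(reqPath, routers, false)
	if !ok {
		return false
	}
	intended, ok := Route(BackendPath(reqPath), routers, true)
	if !ok {
		return false
	}
	return len(raw.Middleware) == 0 && len(intended.Middleware) > 0
}

func main() {
	// Constructed configuration: a protected /admin router and an open /public router.
	routers := []Router{
		{Name: "admin", Prefix: "/admin", Middleware: []string{"forward-auth"}},
		{Name: "public", Prefix: "/public"},
	}
	for _, p := range []string{"/public/../admin/users", "/public/%2e%2e/admin/users", "/admin/users"} {
		r, _ := Route(p, routers, false)
		fmt.Printf("%-28s raw-match=%-7s bypass=%-5v backend sees %s\n",
			p, r.Name, Bypassed(p, routers), BackendPath(p))
		if HasTraversal(p) {
			fmt.Printf("%-28s would be rejected by the workaround rule\n", p)
		}
	}
}
```

Running it shows that `/public/../admin/users` is routed by the unprotected `public` router while the backend serves `/admin/users`, that cleaning the path before matching selects the `admin` router instead, and that the workaround check rejects both the plain and the percent-encoded form before any router is consulted.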

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.