Traefik Path Normalization Bypass Vulnerability Allowing Middleware Bypass

Vulnerability

A vulnerability exists in Traefik versions prior to 2.11.32 and 3.6.2, allowing requests with URL-encoded restricted characters to bypass path normalization. This issue can lead to path-based routing vulnerabilities, where requests skip the intended middleware and reach unintended backends. For example, a request to an admin path could bypass security controls and access a backend service directly. This vulnerability is fixed in Traefik versions 2.11.32 and 3.6.4.
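The class of bug described above, as an added illustration that is not Traefik's own routing code: a path-based rule that is evaluated against the raw request path can be skipped by an encoded spelling of the same path, whereas a rule evaluated after canonicalisation (decode, reject dangerous decodings, collapse dot segments) treats every spelling the same and fails closed. The protected prefix `/admin` and the sample requests are assumptions for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"path"
	"strings"
)

var errUnsafePath = errors.New("unsafe path encoding")
// matchesRule is the shared routing rule: /admin and everything below it.
func matchesRule(p string) bool {
	return p == "/admin" || strings.HasPrefix(p, "/admin/")
}

// naiveIsProtected applies the rule to the raw path, so an encoded spelling
// such as /%61dmin never matches and the request skips the middleware.
func naiveIsProtected(rawPath string) bool { return matchesRule(rawPath) }

// canonicalPath reduces every spelling of a path to one form before the rule
// runs: percent-decode each segment, fail closed on a malformed escape or on
// a decoded separator/NUL (which would move segment boundaries), then
// collapse dot segments.
func canonicalPath(rawPath string) (string, error) {
	if !strings.HasPrefix(rawPath, "/") {
		return "", errUnsafePath
	}
	for _, seg := range strings.Split(rawPath[1:], "/") {
		dec, err := url.PathUnescape(seg)
		if err != nil || strings.ContainsAny(dec, "/\\\x00") {
			return "", errUnsafePath
		}
	}
	dec, _ := url.PathUnescape(rawPath) // every segment decoded above, so no error
	return path.Clean(dec), nil
}

// hardenedIsProtected decides on the canonical path and fails closed.
func hardenedIsProtected(rawPath string) bool {
	p, err := canonicalPath(rawPath)
	return err != nil || matchesRule(p)
}
func main() {
	// Constructed samples: plain, percent-encoded, dot segments, encoded separator, malformed escape.
	for _, r := range []string{"/admin/users", "/%61dmin/users", "/static/../admin/users", "/admin%2f..%2fapi", "/%zz"} {
		fmt.Printf("%-24s naive=%-5v hardened=%v\n", r, naiveIsProtected(r), hardenedIsProtected(r))
	}
}
```

The naive column shows the encoded request escaping the rule; the hardened column shows it caught, and the malformed or separator-bearing requests denied rather than forwarded.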

Impact

Exploitation of this vulnerability can bypass access-control middleware, allowing unauthorized access to backend services.

Remediation

Users can upgrade to Traefik versions 2.11.32 or 3.6.4 to address this vulnerability.

Added: Dec 9, 2025, 1:19 AM
Updated: Dec 9, 2025, 1:19 AM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 0.6
exploitability: 9.7
remediation: 7.7
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.