Traefik Identity Spoofing Vulnerability via Non-Canonical HTTP Header Injection

Vulnerability

A vulnerability exists in Traefik's Basic and Digest authentication middlewares, prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3. When the middleware's headerField option is configured with a non-canonical HTTP header name, an authenticated attacker can inject the canonical spelling of that header to impersonate any identity to the backend. This occurs because Traefik writes the header under the non-canonical key, so the request carries two distinct header entries for what is logically one field. The backend reads the injected canonical entry first, which lets the attacker override the value set by the middleware and control the identity presented to the backend.
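The mechanism hinges on how Go's net/http treats header keys: map entries written under a raw, non-canonical key are separate from the canonical entry that Header.Set and Header.Get operate on, and the serializer orders keys bytewise, so the canonical (uppercase) spelling is emitted first. The following Go program is an added illustration and is not Traefik's code; vulnerableSetIdentity is an assumed minimal reproduction of the defect as the advisory describes it, hardenedSetIdentity shows the defensive fix (strip every client-supplied spelling, then write one canonical entry), and duplicateKeys is a check a proxy or backend can run to detect the colliding-key condition. The header name x-user and the values are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"net/http"
	"net/textproto"
	"sort"
)

// vulnerableSetIdentity mirrors the defect described in the advisory (assumed
// shape, not Traefik's own code): the identity is written under the raw,
// non-canonical key, so a client-supplied canonical entry survives as a
// second, distinct map entry.
func vulnerableSetIdentity(h http.Header, field, user string) {
	h[field] = []string{user}
}

// hardenedSetIdentity removes every spelling of the field a client could have
// supplied and rewrites it through Header.Set, which canonicalizes the key.
func hardenedSetIdentity(h http.Header, field, user string) {
	delete(h, field) // raw spelling, e.g. "x-user"
	h.Del(field)     // canonical spelling, e.g. "X-User"
	h.Set(field, user)
}

// backendIdentity models a backend that reads the field through the
// canonicalizing accessor Header.Get, as net/http-based services do.
func backendIdentity(h http.Header, field string) string {
	return h.Get(field)
}

// wireRepresentation serializes the header as it would leave the proxy.
// net/http sorts keys bytewise, so "X-User" precedes "x-user" on the wire.
func wireRepresentation(h http.Header) string {
	var buf bytes.Buffer
	_ = h.Write(&buf)
	return buf.String()
}

// duplicateKeys is a defender's check: it reports canonical names that are
// backed by more than one raw key, the condition under which the override occurs.
func duplicateKeys(h http.Header) []string {
	seen := map[string][]string{}
	for k := range h {
		c := textproto.CanonicalMIMEHeaderKey(k)
		seen[c] = append(seen[c], k)
	}
	var dups []string
	for c, raw := range seen {
		if len(raw) > 1 {
			dups = append(dups, c)
		}
	}
	sort.Strings(dups)
	return dups
}

func main() {
	// Constructed request: the client already sent the canonical spelling.
	req := http.Header{}
	req.Set("X-User", "client-supplied")
	vulnerableSetIdentity(req, "x-user", "authenticated-user")
	fmt.Printf("vulnerable: backend sees %q, colliding keys %v\n",
		backendIdentity(req, "x-user"), duplicateKeys(req))
	fmt.Print(wireRepresentation(req))

	req = http.Header{}
	req.Set("X-User", "client-supplied")
	hardenedSetIdentity(req, "x-user", "authenticated-user")
	fmt.Printf("hardened:   backend sees %q, colliding keys %v\n",
		backendIdentity(req, "x-user"), duplicateKeys(req))
	fmt.Print(wireRepresentation(req))
}
```

In the vulnerable path the backend's Get returns the client-supplied value and the wire output shows two lines for the same logical field; in the hardened path only the middleware's value remains. The same check applies on the backend side: rejecting or logging requests where duplicateKeys is non-empty for an identity-carrying field catches the condition regardless of which proxy sits in front.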

Impact

Exploitation of this vulnerability allows for identity impersonation by injecting canonical header values that override non-canonical ones, leading to unauthorized access or actions on behalf of the impersonated user.

Remediation

Users can upgrade to Traefik versions 2.11.42, 3.6.11, or 3.7.0-ea.3 to address this vulnerability.

Added: Mar 27, 2026, 3:46 PM
Updated: Mar 27, 2026, 3:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 0.4
exploitability: 5.0
remediation: 7.7
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.