Traefik Authentication Bypass Vulnerability in ForwardAuth and Snippet-Based Middleware

Vulnerability

A high-severity authentication bypass vulnerability has been identified in Traefik's ForwardAuth and snippet-based authentication middleware. This issue affects Traefik versions through v2.11.42, v3.6.13, and v3.7.0-rc.1. The vulnerability arises because Traefik's sanitization logic for forwarded headers only addresses canonical names, such as X-Forwarded-Proto, and fails to normalize alias variants that use underscores instead of dashes (for example X_Forwarded_Proto). As a result, these unsanitized alias headers are forwarded to the authentication backend, where an attacker can inject spoofed trust context, such as a trusted scheme or host, to bypass authentication on protected routes without valid credentials.
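To illustrate the defect class and its fix, here is an added Go example (not Traefik's code): it shows why a canonical-only lookup misses underscore aliases and how a proxy-side sanitizer that normalizes names before filtering closes the gap. The header set, the function names and the trustedProto/trustedHost parameters are assumptions for this example.

```go
package main

import (
	"net/http"
	"sort"
	"strings"
)

// Trust-context headers (canonical spelling) that only the proxy may set.
// Hypothetical set for this example; the page does not list Traefik's own.
var forwardedHeaders = map[string]bool{
	"X-Forwarded-Proto": true, "X-Forwarded-Host": true, "X-Forwarded-For": true,
	"X-Forwarded-Port": true, "X-Forwarded-Uri": true, "X-Forwarded-Method": true,
}

// normalizeHeaderName folds alias spellings onto the canonical dash form.
// http.CanonicalHeaderKey leaves underscores alone ("X_Forwarded_Proto" becomes
// "X_forwarded_proto"), so a lookup for the dash form misses the alias.
func normalizeHeaderName(name string) string {
	return http.CanonicalHeaderKey(strings.ReplaceAll(name, "_", "-"))
}

// spoofedForwardedHeaders lists client-supplied header names, in any spelling,
// that collide with trust context; useful for logging attempts at the edge.
func spoofedForwardedHeaders(h http.Header) []string {
	var found []string
	for name := range h {
		if forwardedHeaders[normalizeHeaderName(name)] {
			found = append(found, name)
		}
	}
	sort.Strings(found)
	return found
}

// sanitizeForwardedHeaders drops every client-supplied trust-context header
// before the request is forwarded to the auth backend, then sets the values
// the proxy itself observed on the connection (trustedProto, trustedHost).
func sanitizeForwardedHeaders(h http.Header, trustedProto, trustedHost string) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		if forwardedHeaders[normalizeHeaderName(name)] {
			continue // drop regardless of dash/underscore spelling or case
		}
		out[name] = append([]string(nil), values...)
	}
	out.Set("X-Forwarded-Proto", trustedProto)
	out.Set("X-Forwarded-Host", trustedHost)
	return out
}
```

Logging the result of spoofedForwardedHeaders at the edge gives a cheap detection signal for this header-smuggling pattern even after upgrading.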

Impact

Exploitation of this vulnerability allows attackers to bypass authentication on protected routes, gaining access without valid credentials.

Remediation

Users can upgrade to Traefik versions 2.11.43, 3.6.14, or 3.7.0-rc.2 to address this vulnerability.

Added: Apr 30, 2026, 9:33 PM
Updated: Apr 30, 2026, 9:33 PM

Vulnerability Rating (custom algorithm)

spread: 7.6
impact: 5.0
exploitability: 7.9
remediation: 7.7
relevance: 7.1
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.