CVE-2026-26998

CVE-2026-26998

Name

CVE-2026-26998

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize configuration to restrict the amount of data read from the authentication server response. If the authentication server returns an unexpectedly large or unbounded response body, Traefik will allocate unlimited memory, potentially causing an out-of-memory (OOM) condition that crashes the process. This results in a denial of service for all routes served by the affected Traefik instance. This issue has been patched in versions 2.11.38 and 3.6.9.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v2.11.38
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.6.9
security-advisories@github.com	https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x

Type

URI

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v2.11.38

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v3.6.9

security-advisories@github.com

https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= None	< 2.11.38
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= 3.0.0	< 3.6.9

CPE URI

Source package

Min version

Max version

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= None

< 2.11.38

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= 3.0.0

< 3.6.9

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
traefik	edge-community	3.6.8-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.3-r0	None	possibly vulnerable
traefik	edge-community	2.9.10-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.9.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.2.8-r0	None	possibly vulnerable
traefik	3.23-community	3.6.2-r6	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r5	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r4	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages