CVE-2026-32305

CVE-2026-32305

Name

CVE-2026-32305

Description

Traefik is an HTTP reverse proxy and load balancer. Versions 2.11.40 and below, 3.0.0-beta1 through 3.6.11, and 3.7.0-ea.1 are vulnerable to mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the default TLS configuration, which does not require client certificates by default. This allows an attacker to bypass route-level mTLS enforcement and access services that should require mutual TLS authentication. This issue is patched in versions 2.11.41, 3.6.11 and 3.7.0-ea.2.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v2.11.41
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.6.11
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2
security-advisories@github.com	https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48

Type

URI

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v2.11.41

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v3.6.11

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2

security-advisories@github.com

https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= None	< 2.11.41
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= 3.0.0	<= 3.6.11
`cpe:2.3:a:traefik:traefik:3.7.0:ea1::::::`	traefik	== None	== 3.7.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= None

< 2.11.41

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= 3.0.0

<= 3.6.11

cpe:2.3:a:traefik:traefik:3.7.0:ea1:*:*:*:*:*:*

traefik

== None

== 3.7.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
traefik	edge-community	3.7.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.9-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.9-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.9-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.8-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.3-r0	None	possibly vulnerable
traefik	edge-community	2.9.10-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.9.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.2.8-r0	None	possibly vulnerable
traefik	3.23-community	3.6.2-r5	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r4	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages