CVE-2026-33433

CVE-2026-33433

Name

CVE-2026-33433

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated attacker can inject their own canonical version of that header to impersonate any identity to the backend. The backend receives two header entries — the attacker-injected canonical one is read first, overriding Traefik's non-canonical write. Versions 2.11.42, 3.6.11, and 3.7.0-ea.3 patch the issue.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v2.11.42
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.6.11
security-advisories@github.com	https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3
security-advisories@github.com	https://github.com/traefik/traefik/security/advisories/GHSA-qr99-7898-vr7c

Type

URI

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v2.11.42

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v3.6.11

security-advisories@github.com

https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3

security-advisories@github.com

https://github.com/traefik/traefik/security/advisories/GHSA-qr99-7898-vr7c

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= None	< 2.11.42
`cpe:2.3:a:traefik:traefik::::::::`	traefik	>= 3.0.0	< 3.6.12
`cpe:2.3:a:traefik:traefik:3.7.0:ea1::::::`	traefik	== None	== 3.7.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= None

< 2.11.42

cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*

traefik

>= 3.0.0

< 3.6.12

cpe:2.3:a:traefik:traefik:3.7.0:ea1:*:*:*:*:*:*

traefik

== None

== 3.7.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
traefik	edge-community	3.6.9-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.9-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.9-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.8-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.6.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.5.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.4.0-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.4-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.3-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.3.2-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.7-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	3.1.3-r0	None	possibly vulnerable
traefik	edge-community	2.9.10-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.9.6-r0	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	edge-community	2.2.8-r0	None	possibly vulnerable
traefik	3.23-community	3.6.2-r5	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r4	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r3	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r2	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable
traefik	3.23-community	3.6.2-r1	Francesco Colista <fcolista@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages