Denial-of-Service Vulnerability in Traefik HTTP/2 Request Handling
CVE-2023-54365

8.7 HIGH

Key Information:

Vendor: Traefik

Status
Vendor
CVE Published: 23 June 2026

What is CVE-2023-54365?

Traefik versions prior to 2.10.5 and 3.0.0-beta4 are susceptible to a denial-of-service vulnerability in the handling of HTTP/2 requests, linked to the 'Rapid Reset' technique as it affects the Go standard library. The flaw allows an attacker to generate a large volume of HTTP/2 streams in rapid succession, exhausting resources on the server. Exploitation could cause a complete disruption of service, preventing legitimate users from accessing the application.

Affected Version(s)

Traefik 0 < 2.10.5

Traefik 3.0.0-beta1 < 3.0.0-beta4

Traefik 2.10.5

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
