Authentication Bypass Vulnerability in Traefik HTTP Reverse Proxy
CVE-2026-54764
What is CVE-2026-54764?
Traefik, a popular HTTP reverse proxy and load balancer, has a vulnerability in its ForwardAuth middleware affecting specific versions. Despite the 'trustForwardHeader' option set to false, the middleware improperly identifies the X-Forwarded-Port header from the original request, rather than a sanitized, forwarded request. This flaw can be exploited by an unauthenticated remote attacker who sends a crafted X-Forwarded-Proto header over a plain HTTP connection, leading Traefik to forward the incorrect X-Forwarded-Port value of 443 to the authentication service. This bypass allows attackers to circumvent port-based authorization checks, posing a security risk. The issue is resolved in versions v2.11.51, v3.6.22, and v3.7.6.
Affected Version(s)
traefik < 2.11.51 < 2.11.51
traefik >= 3.0.0, < 3.6.22 < 3.0.0, 3.6.22
traefik >= 3.7.0, < 3.7.6 < 3.7.0, 3.7.6
