Insufficient verification of data authenticity in Traefik - CVE-2026-54764
Published: July 3, 2026
Traefik
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass port-based authorization checks.
The vulnerability exists due to insufficient verification of data authenticity in the ForwardAuth middleware when handling requests with a spoofed X-Forwarded-Proto header while trustForwardHeader is set to false. A remote attacker can send a specially crafted request to bypass port-based authorization checks.
Exploitation affects deployments where the downstream authentication service makes authorization decisions based on the X-Forwarded-Port header.
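The downstream pattern described above, shown next to a safer one, as an added example that is not code from Traefik or from the advisory: an auth service that grants access on X-Forwarded-Port alone, and one that requires a credential on every request and uses the port only to narrow access. The port 8443, the token and all function names are constructed for illustration, and the credential is assumed to reach the auth service in an Authorization header.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed values for illustration; neither comes from the advisory.
const internalPort = "8443"          // hypothetical entry point treated as internal
const apiToken = "constructed-token" // hypothetical credential

// portOnlyAuth is the fragile pattern: the forwarded port alone grants access.
func portOnlyAuth(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("X-Forwarded-Port") == internalPort {
		w.WriteHeader(http.StatusOK)
		return
	}
	w.WriteHeader(http.StatusUnauthorized)
}

// credentialAuth always requires a credential; the port can only narrow access.
func credentialAuth(w http.ResponseWriter, r *http.Request) {
	got := []byte(r.Header.Get("Authorization"))
	if subtle.ConstantTimeCompare(got, []byte("Bearer "+apiToken)) != 1 {
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	if r.Header.Get("X-Forwarded-Port") != internalPort {
		w.WriteHeader(http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// decide replays a constructed ForwardAuth sub-request and returns the status code.
func decide(h http.HandlerFunc, port, authz string) int {
	req := httptest.NewRequest(http.MethodGet, "/auth", nil)
	req.Header.Set("X-Forwarded-Port", port)
	req.Header.Set("Authorization", authz)
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(decide(portOnlyAuth, internalPort, ""), decide(credentialAuth, internalPort, ""))
}
```

With the second handler, a wrong X-Forwarded-Port value can at most cause a denial; it cannot turn an unauthenticated request into an authorized one.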