Path traversal in Traefik - #VU137266
Published: July 9, 2026
Traefik
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication and access protected routes.
The vulnerability exists due to path traversal in ReplacePathRegex middleware when processing a crafted HTTP request that produces an un-normalized replacement path. A remote attacker can send a specially crafted request to bypass authentication and access protected routes.
The issue occurs only when ReplacePathRegex is configured with a regular expression that captures user-controlled path segments without a mandatory separator, and exploitation depends on a backend that normalizes the forwarded path.