CVE-2026-39858 | Traefik up to 2.11.42/3.6.13/3.7.0-rc.1 X_Forwarded_Proto authentication spoofing

A vulnerability labeled as critical has been found in Traefik up to 2.11.42/3.6.13/3.7.0-rc.1. This affects an unknown part. The manipulation of the argument X_Forwarded_Proto results in authentication bypass by spoofing.

This vulnerability is cataloged as CVE-2026-39858. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More