
Traefik

Traefik is a cloud-native reverse proxy and load balancer designed for microservices and container environments. It is widely used as a Kubernetes ingress controller and as the entry point for AI model serving endpoints. CVE history includes authentication middleware bypasses and header injection vulnerabilities.

api usage

Querying Traefik

product slug: traefik
version format: 3.1.5, 2.11.8, 2.10.6

```bash
curl "https://api.attestd.io/v1/check?product=traefik&version=2.5.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

Traefik 2.5.0 is affected by CVE-2022-23632 (TLS verification bypass in ForwardAuth middleware), so the aggregated response returns risk_state: "high".

```json
{
  "product": "traefik",
  "version": "2.5.0",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "authentication_bypass",
    "internet_exposed_service",
    "patch_available"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "2.6.1",
  "confidence": 0.81,
  "cve_ids": ["CVE-2022-23632"],
  "last_updated": "2026-02-23T18:21:30Z"
}
```

safe version

Traefik 3.1.5 has no known relevant vulnerabilities at the time of the last synthesis run.

```bash
curl "https://api.attestd.io/v1/check?product=traefik&version=3.1.5" \
  -H "Authorization: Bearer $ATTESTD_KEY"
```

notable cves

CVE history

Traefik's CVE history concentrates around its middleware processing pipeline, particularly header forwarding, authentication bypass, and request routing. The most severe issues (CVE-2024-45410, CVE-2022-23632) involve header injection that reaches upstream services after bypassing authentication layers.

| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2024-45410 | Header injection via improper handling of HTTP/1.1 requests allows attacker-controlled headers to be forwarded to upstream services. | < 2.11.8, < 3.1.5 | 9.8 |
| CVE-2023-47106 | ACME TLS challenge endpoint susceptible to request header injection via malformed Host header values. | < 2.10.6, < 3.0.0-beta5 | 6.5 |
| CVE-2022-23632 | TLS verification bypass in ForwardAuth middleware allows request forwarding without valid certificate verification in certain configurations. | < 2.6.1 | 7.4 |
| CVE-2022-23633 | Internal service URL exposed in error responses when routing rules do not match, potentially leaking backend topology. | < 2.6.1 | 5.9 |
| CVE-2021-32813 | Middleware bypass via forwarded headers accepted from untrusted peer connections before auth middleware evaluation. | < 2.4.13 | 6.5 |
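As an added example (not attestd's own client code), the following Python gate consumes a /v1/check response of the shape shown under api usage together with the Affects column of this table: it parses Traefik version strings including pre-release tags, decides whether a version falls inside a CVE's bound, and turns the response into an allow/warn/block deployment decision. The policy thresholds and the reading of multi-branch bounds such as "< 2.11.8, < 3.1.5" are assumptions made here.

```python
import re

SAMPLE_RESPONSE = {  # constructed: the 2.5.0 response body shown above
    "product": "traefik", "version": "2.5.0", "supported": True,
    "risk_state": "high", "remote_exploitable": True, "patch_available": True,
    "fixed_version": "2.6.1", "cve_ids": ["CVE-2022-23632"],
}

AFFECTED = {  # the Affects column of the CVE table above, as a lookup
    "CVE-2024-45410": "< 2.11.8, < 3.1.5",
    "CVE-2023-47106": "< 2.10.6, < 3.0.0-beta5",
    "CVE-2022-23632": "< 2.6.1",
    "CVE-2022-23633": "< 2.6.1",
    "CVE-2021-32813": "< 2.4.13",
}

VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-([a-z]+)(\d*))?")


def parse_version(v):
    """Sortable 6-tuple; a pre-release such as 3.0.0-beta5 sorts below 3.0.0."""
    m = VERSION_RE.fullmatch(v.strip())
    if not m:
        raise ValueError(f"unrecognised Traefik version: {v!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    pre = (0, m.group(4), int(m.group(5) or 0)) if m.group(4) else (1, "", 0)
    return core + pre


def is_affected(version, ranges):
    """True if version is below the '< X' bound on its own major branch; with no
    bound on that branch the lowest bound applies (assumed reading of the table)."""
    v = parse_version(version)
    bounds = [parse_version(b.strip().lstrip("< ")) for b in ranges.split(",")]
    branch = [b for b in bounds if b[0] == v[0]] or [min(bounds)]
    return v < branch[0]


def gate(resp, affected=AFFECTED):
    """Deployment-gate decision ('allow', 'warn' or 'block') plus reasons.
    The thresholds are an assumed local policy, not part of the attestd response."""
    if not resp.get("supported"):
        return "warn", ["version not assessed by attestd"]
    reasons = [f"{c} affects {resp['version']}" for c in resp.get("cve_ids", [])
               if c in affected and is_affected(resp["version"], affected[c])]
    if resp.get("risk_state") == "high" and resp.get("remote_exploitable"):
        if resp.get("patch_available"):
            reasons.append(f"upgrade to {resp['fixed_version']}")
        return "block", reasons
    return ("warn" if reasons else "allow"), reasons
```

For the 2.5.0 response on this page, gate() returns "block" with the reasons "CVE-2022-23632 affects 2.5.0" and "upgrade to 2.6.1"; a 3.1.5 response with an empty cve_ids list is allowed.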