VDB
GHSA-46wh-3698-f2cx
GHSA-46wh-3698-f2cx
PUBLISHED
CVSS 9.100000381469727 CRITICAL
Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | traefik/traefik/v2 | 0, 0, 0 |
| github.com | traefik/traefik/v3 | 3.7.0-ea.1, 3.0.0-beta3, 3.7.0-ea.1 |
| google.golang.org | grpc | 0, 0, 1.79.3 |
| github.com | traefik/traefik/v2 |
Timeline
- Mar 26, 2026 Security Advisory
- Mar 29, 2026 CVE Published
References
- https://github.com/traefik/traefik/security/advisories/GHSA-46wh-3698-f2cx url
- https://github.com/advisories/GHSA-p77j-4mvh-x3m3 advisory
- https://github.com/traefik/traefik package
- https://github.com/traefik/traefik/blob/67c64ed9b25fbb90f1086977a62827133a7aa01b/go.mod#L108 url
- https://github.com/traefik/traefik/releases/tag/v2.11.42 url
- https://github.com/traefik/traefik/releases/tag/v3.6.12 url
- https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.3 url
- https://github.com/advisories/GHSA-46wh-3698-f2cx advisory
- https://github.com/grpc/grpc-go package
- https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-33186 advisory