VDB

GHSA-46wh-3698-f2cx

GHSA-46wh-3698-f2cx PUBLISHED CVSS 9.100000381469727 CRITICAL

Traefik: Deny Rule Bypass via Unauthenticated Malicious gRPC Requests in gRPC-Go Dependency (CVE-2026-33186)

Risk Scores

CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products

VendorProductVersions
github.comtraefik/traefik/v20, 0, 0
github.comtraefik/traefik/v33.7.0-ea.1, 3.0.0-beta3, 3.7.0-ea.1
google.golang.orggrpc0, 0, 1.79.3
github.comtraefik/traefik/v2

Timeline

  • Mar 26, 2026 Security Advisory
  • Mar 29, 2026 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›