GO-2026-4597 — Vulnetix

GO-2026-4597 PUBLISHED

traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik

Affected Products

Vendor	Product	Versions
github.com	traefik/traefik	0, 0
github.com	traefik/traefik/v2	2.11.9, 2.11.9
github.com	traefik/traefik/v3	3.1.3, 3.1.3

Timeline

Mar 10, 2026 CVE Published
Apr 16, 2026 CVE Updated
May 1, 2026 Security Advisory

References

https://github.com/traefik/traefik/security/advisories/GHSA-92mv-8f8w-wq52 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-29054 advisory
https://github.com/traefik/traefik/releases/tag/v2.11.38 url
https://github.com/traefik/traefik/releases/tag/v3.6.9 url

Open in Interactive Console →