GO-2026-4793 — Vulnetix

GO-2026-4793 PUBLISHED

Traefik has a Potential mTLS Bypass via Fragmented TLS ClientHello Causing Pre-SNI Sniff Fallback to Default Non-mTLS TLS Config in github.com/traefik/traefik

Affected Products

Vendor	Product	Versions
github.com	traefik/traefik/v3	0, 3.7.0-ea.1, 3.7.0-ea.1
github.com	traefik/traefik/v2	0, 0
github.com	traefik/traefik	0, 0

Timeline

Mar 23, 2026 CVE Published
Apr 16, 2026 CVE Updated
May 1, 2026 Security Advisory

References

https://github.com/traefik/traefik/security/advisories/GHSA-wvvq-wgcr-9q48 advisory
https://nvd.nist.gov/vuln/detail/CVE-2026-32305 advisory
https://github.com/traefik/traefik/releases/tag/v2.11.41 url
https://github.com/traefik/traefik/releases/tag/v3.6.11 url
https://github.com/traefik/traefik/releases/tag/v3.7.0-ea.2 url

Open in Interactive Console →