CVE

CVE-2026-29054

traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik

Back to all

CVE

CVE-2026-29054

traefik CVE-2024-45410 fix bypass: lowercase `Connection` tokens can delete traefik-managed forwarded identity headers (for example, `X-Real-Ip`) in github.com/traefik/traefik

traefik CVE-2024-45410 fix bypass: lowercase Connection tokens can delete traefik-managed forwarded identity headers (for example, X-Real-Ip) in github.com/traefik/traefik

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5

3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Related Resources

No items found.

References

https://github.com/traefik/traefik/security/advisories/GHSA-92mv-8f8w-wq52, https://nvd.nist.gov/vuln/detail/CVE-2026-29054, https://github.com/traefik/traefik/releases/tag/v2.11.38, https://github.com/traefik/traefik/releases/tag/v3.6.9

Severity

7.5

CVSS Score

Basic Information

Ecosystem

Base CVSS

7.5

EPSS Probability

0.00014%

EPSS Percentile

0.02913%

Introduced Version

0,2.11.9,3.1.3,v3.1.3,v3.0.0-20240916144157-093989fc14f4,v2.11.9,v2.0.0-20240916091004-584144100524

Fix Available

2.11.38,3.6.9,v3.6.9,v3.0.0-20260223163452-13dc9a689251,v2.11.38,v2.0.0-20260223090410-7494b5c9ff9e

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-29054

CVE-2026-29054

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

7.5

Basic Information

Fix Critical Vulnerabilities Instantly