Traefik < 2.11.41 / 3.x < 3.6.11 Multiple Vulnerabilities

Severity: High | Nessus Plugin ID 303797

Synopsis

The remote macOS host is affected by multiple vulnerabilities.

Description

The version of Traefik installed on the remote macOS host is prior to 2.11.41 or 3.x prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities:

- mTLS bypass through the TLS SNI pre-sniffing logic related to fragmented ClientHello packets. When a TLS ClientHello is fragmented across multiple records, Traefik's SNI extraction may fail with an EOF and return an empty SNI. The TCP router then falls back to the default TLS configuration, which does not require client certificates by default. This allows an attacker to bypass route-level mTLS enforcement and access services that should require mutual TLS authentication. (CVE-2026-32305)

- BasicAuth middleware allows username enumeration via a timing attack. When a submitted username exists, the middleware performs a bcrypt password comparison taking significantly longer than when the username does not exist. This timing difference is observable over the network and allows an unauthenticated attacker to reliably distinguish valid from invalid usernames. (CVE-2026-32595)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
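The BasicAuth timing issue above comes from a control-flow asymmetry: the expensive password hash only runs when the username exists. The following added example (not Traefik's code) shows the leaky pattern next to a constant-work variant that hashes against a dummy credential for unknown users; it substitutes standard-library PBKDF2 for bcrypt and uses a constructed user store, and the call counter is instrumentation for the demonstration, not part of any real middleware.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000      # constructed cost factor: one hash costs tens of ms
CALLS = {"slow_hash": 0}  # instrumentation: how much slow work a check did

def slow_hash(password: str, salt: bytes) -> bytes:
    # Stand-in for bcrypt (PBKDF2-HMAC-SHA256, standard library). Only the
    # cost matters here: the leak comes from skipping this step entirely.
    CALLS["slow_hash"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed user store: username -> (salt, digest). Not a real credential.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, slow_hash("correct horse battery", _SALT))}

# Dummy credential hashed for unknown usernames so the slow step always runs.
_DUMMY_SALT = os.urandom(16)
_DUMMY = (_DUMMY_SALT, slow_hash("dummy-never-matches", _DUMMY_SALT))

def check_vulnerable(username: str, password: str) -> bool:
    """Leaky pattern: an unknown user returns before any hashing."""
    entry = USERS.get(username)
    if entry is None:
        return False  # fast path, measurably quicker than the known-user path
    salt, digest = entry
    return hmac.compare_digest(slow_hash(password, salt), digest)

def check_constant_work(username: str, password: str) -> bool:
    """Hardened: always hash (against the dummy if the user is unknown),
    then fold the 'user exists' bit in without skipping any work."""
    entry = USERS.get(username)
    known = entry is not None
    salt, digest = entry if known else _DUMMY
    match = hmac.compare_digest(slow_hash(password, salt), digest)
    return known and match

def slow_hash_calls(check, username: str, password: str) -> int:
    """Number of slow-hash invocations one check performs (0 = fast path)."""
    before = CALLS["slow_hash"]
    check(username, password)
    return CALLS["slow_hash"] - before

if __name__ == "__main__":
    for check in (check_vulnerable, check_constant_work):
        for user in ("alice", "nobody"):
            print(check.__name__, user, slow_hash_calls(check, user, "wrong"))
```

Running the script shows the vulnerable checker doing zero slow-hash work for an unknown user and one hash for a known one, while the hardened checker does one hash in both cases, which is the property a network-timing probe can no longer distinguish.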

Solution

Upgrade to Traefik version 2.11.41, 3.6.11, or later.

See Also

http://www.nessus.org/u?143fb341

http://www.nessus.org/u?2e719244

Plugin Details

Severity: High

ID: 303797

File Name: macos_traefik_3_6_11.nasl

Version: 1.2

Type: local

Agent: macosx

Published: 3/26/2026

Updated: 3/27/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2026-32305

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 7.8

Threat Score: 4.7

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Vulnerability Information

CPE: cpe:/a:traefik:traefik

Required KB Items: Host/local_checks_enabled, installed_sw/traefik

Exploit Ease: No known exploits are available

Patch Publication Date: 3/20/2026

Vulnerability Publication Date: 3/20/2026

Reference Information

CVE: CVE-2026-32305, CVE-2026-32595