CVE-2026-26998

{"id": "CVE-2026-26998", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.7}]}, "published": "2026-03-05T19:16:05.140", "references": [{"url": "https://github.com/traefik/traefik/releases/tag/v2.11.38", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/traefik/traefik/releases/tag/v3.6.9", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/traefik/traefik/security/advisories/GHSA-fw45-f5q2-2p4x", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When Traefik is configured to use the ForwardAuth middleware, the response body from the authentication server is read entirely into memory without any size limit. There is no maxResponseBodySize configuration to restrict the amount of data read from the authentication server response. If the authentication server returns an unexpectedly large or unbounded response body, Traefik will allocate unlimited memory, potentially causing an out-of-memory (OOM) condition that crashes the process. This results in a denial of service for all routes served by the affected Traefik instance. This issue has been patched in versions 2.11.38 and 3.6.9."}, {"lang": "es", "value": "Traefik es un proxy inverso HTTP y un balanceador de carga. Antes de las versiones 2.11.38 y 3.6.9, existe una posible vulnerabilidad en Traefik al gestionar las respuestas del middleware ForwardAuth. Cuando Traefik est\u00e1 configurado para usar el middleware ForwardAuth, el cuerpo de la respuesta del servidor de autenticaci\u00f3n se lee completamente en la memoria sin ning\u00fan l\u00edmite de tama\u00f1o. No existe una configuraci\u00f3n maxResponseBodySize para restringir la cantidad de datos le\u00eddos de la respuesta del servidor de autenticaci\u00f3n. Si el servidor de autenticaci\u00f3n devuelve un cuerpo de respuesta inesperadamente grande o ilimitado, Traefik asignar\u00e1 memoria ilimitada, lo que podr\u00eda causar una condici\u00f3n de falta de memoria (OOM) que bloquee el proceso. Esto resulta en una denegaci\u00f3n de servicio para todas las rutas servidas por la instancia de Traefik afectada. Este problema ha sido parcheado en las versiones 2.11.38 y 3.6.9."}], "lastModified": "2026-03-06T15:27:01.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F729E45-F8B4-4A50-A2BE-C52CFFEB888D", "versionEndExcluding": "2.11.38"}, {"criteria": "cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFEBE8EC-89F8-415A-8BB4-209F070117B7", "versionEndExcluding": "3.6.9", "versionStartIncluding": "3.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}