Changeflow GovPing Data Privacy & Cybersecurity Traefik Vulnerabilities Allow Security Policy B...
Priority review Notice Amended Final

Traefik Vulnerabilities Allow Security Policy Bypass

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 27th, 2026
Detected March 27th, 2026
Email

Summary

The French National Cybersecurity Agency (ANSSI) has issued an advisory regarding multiple vulnerabilities discovered in Traefik software. These vulnerabilities could allow an attacker to bypass security policies. Affected versions of Traefik require immediate patching.

View original document View source feed page

What changed

ANSSI has published an advisory (CERTFR-2026-AVI-0366) detailing multiple critical vulnerabilities found in Traefik, specifically affecting versions prior to v2.11.42, v3.6.x prior to v3.6.12, and v3.7.0-ea.x prior to v3.7.0-ea.3. These vulnerabilities, identified by CVEs CVE-2026-32695, CVE-2026-33186, and CVE-2026-33433, can enable an attacker to bypass security policies.

Organizations using affected versions of Traefik must consult the vendor's security bulletins and apply the necessary patches immediately to mitigate the risk of security policy bypass. Failure to do so could lead to unauthorized access or compromise of systems relying on Traefik for security enforcement.

What to do next

  1. Identify all instances of affected Traefik versions.
  2. Consult Traefik security bulletins for specific patch details.
  3. Apply vendor-provided patches to mitigate identified vulnerabilities.

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 27 mars 2026 N° CERTFR-2026-AVI-0366 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans Traefik

Gestion du document

| Référence | CERTFR-2026-AVI-0366 |
| Titre | Multiples vulnérabilités dans Traefik |
| Date de la première version | 27 mars 2026 |
| Date de la dernière version | 27 mars 2026 |
| Source(s) | Bulletin de sécurité Traefik GHSA-46wh-3698-f2cx du 27 mars 2026
Bulletin de sécurité Traefik GHSA-67jx-r9pv-98rj du 27 mars 2026
Bulletin de sécurité Traefik GHSA-qr99-7898-vr7c du 27 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Contournement de la politique de sécurité

Systèmes affectés

  • Traefik versions antérieures à v2.11.42
  • Traefik versions v3.6.x antérieures à v3.6.12
  • Traefik versions v3.7.0-ea.x antérieures à v3.7.0-ea.3

Résumé

De multiples vulnérabilités ont été découvertes dans Traefik. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 27 mars 2026 Version initiale

Related changes

Favicon for www.cert.ssi.gouv.fr Siemens Product Vulnerabilities Allow Remote Denial of Service
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Spring AI Vulnerabilities Allow Code Execution, SSRF, Policy Bypass
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr NetApp Products Vulnerabilities Affecting Data Integrity and Confidentiality
Priority review Mar 27, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.gov.bm Bermuda Launches National Cybersecurity Risk Assessment
Priority review Mar 28, 2026 Bermuda Government News Government & Legislation
Favicon for www.nist.gov Draft NIST Cyber AI Profile for Cybersecurity Guidelines
Priority review Mar 28, 2026 NIST News Data Privacy & Cybersecurity
Favicon for usdaoig.oversight.gov USDA IT Security Directives Lack Relevance and Effectiveness
Priority review Mar 28, 2026 USDA OIG Reports Agriculture & Food Safety

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
ANSSI
Published
March 27th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0366

Who this affects

Industry sector
5112 Software & Technology
Activity scope
Network Security Access Control
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Software Vulnerabilities Network Security

Browse Categories

Agriculture & Food Safety 63 AI Regulation 3 Banking & Finance 265 Consumer Protection 44 Courts & Legal 358 Data Privacy & Cybersecurity 69 Defense & National Security 52 Education 20 Energy 106 Environment 85 Government & Legislation 285 Healthcare 136 Housing 16 Immigration 9 Insurance 56 Labor & Employment 114 Legal & Courts 1 Pharma & Drug Safety 103 Securities & Markets 87 Tax 65 Tax & Revenue 1 Telecom & Technology 47 Trade & Sanctions 124 Transportation 57

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Optional. Personalizes your daily digest.

Free. Unsubscribe anytime.