FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

traefik -- Multiple vulnerabilities

Affected packages
		traefik	<	3.7.3

Details

VuXML ID	57e69b2c-67b2-11f1-b3b6-5404a68ad561
Discovery	2026-06-04
Entry	2026-06-14

The traefik project releases a new version addressing multiple CVEs:

CVE-2026-48020 (StripPrefix Route-Level Auth Bypass)

CVE-2026-48491 (SNICheck ignores wildcard TLSOptions mappings, allowing domain-fronted mTLS bypass)

HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts

[source]

References

CVE Name	CVE-2026-48020
CVE Name	CVE-2026-48491
URL	https://github.com/traefik/traefik/releases/tag/v3.7.3