FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

traefik -- ACME TLS-ALPN fast path potential DoS

Affected packages
traefik < 3.6.7

Details

VuXML ID 1a82bf18-0417-11f1-be6f-5404a68ad561
Discovery 2026-01-15
Entry 2026-02-07

The traefik project reports:

There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled.A malicious client can open many connections, send a minimal ClientHello with acme-tls/1, then stop responding, leading to denial of service of the entrypoint.

[source]

References

CVE Name CVE-2026-22045
URL https://nvd.nist.gov/vuln/detail/CVE-2026-22045

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.