FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

traefik -- TCP readTimeout bypass via STARTTLS on Postgres

Affected packages
traefik < 3.6.8

Details

VuXML ID 590979aa-09f7-11f1-a730-5404a68ad561
Discovery 2026-02-11
Entry 2026-02-14

The traefik project reports:

There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service.

References

CVE Name CVE-2026-25949
URL https://nvd.nist.gov/vuln/detail/CVE-2026-25949