Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.8
Traefik: Hackers can bypass HTTPS security on HTTP/3 connections
GHSA-gv8r-9rw9-9697
Summary
Traefik, a popular web traffic manager, has a security flaw that could allow hackers to bypass the secure encryption on some internet connections. This means that sensitive information could be intercepted by unauthorized parties. If you use Traefik, update to the latest version to protect your data and users.
What to do
- Update github.com traefik to version 2.11.37.
- Update github.com traefik to version 3.6.8.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | traefik | <= 1.7.34 | – |
| github.com | traefik | <= 2.11.36 | 2.11.37 |
| github.com | traefik | <= 3.6.7 | 3.6.8 |
Original title
Traefik affected by TLS ClientAuth Bypass on HTTP/3
Original description
### Summary
There is a potential vulnerability in Traefik managing HTTP/3 connections.
More details in the [CVE-2025-68121](https://nvd.nist.gov/vuln/detail/CVE-2025-68121).
## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.37
- https://github.com/traefik/traefik/releases/tag/v3.6.8
## Workarounds
No workaround
## For more information
If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
There is a potential vulnerability in Traefik managing HTTP/3 connections.
More details in the [CVE-2025-68121](https://nvd.nist.gov/vuln/detail/CVE-2025-68121).
## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.37
- https://github.com/traefik/traefik/releases/tag/v3.6.8
## Workarounds
No workaround
## For more information
If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
ghsa CVSS3.1
10.0
Vulnerability type
CWE-1395
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026