OPENSUSE-SU-2026:11251-1
Vulnerability from csaf_opensuse - Published: 2026-07-10 00:00 - Updated: 2026-07-10 00:00Summary
traefik-3.7.7-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: traefik-3.7.7-1.1 on GA media
Description of the patch: These are all security issues fixed in the traefik-3.7.7-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-11251
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.6 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "traefik-3.7.7-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the traefik-3.7.7-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11251",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11251-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54761 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54762 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54763 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54764 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-54765 page",
"url": "https://www.suse.com/security/cve/CVE-2026-54765/"
}
],
"title": "traefik-3.7.7-1.1 on GA media",
"tracking": {
"current_release_date": "2026-07-10T00:00:00Z",
"generator": {
"date": "2026-07-10T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11251-1",
"initial_release_date": "2026-07-10T00:00:00Z",
"revision_history": [
{
"date": "2026-07-10T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.7.7-1.1.aarch64",
"product": {
"name": "traefik-3.7.7-1.1.aarch64",
"product_id": "traefik-3.7.7-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.7.7-1.1.ppc64le",
"product": {
"name": "traefik-3.7.7-1.1.ppc64le",
"product_id": "traefik-3.7.7-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.7.7-1.1.s390x",
"product": {
"name": "traefik-3.7.7-1.1.s390x",
"product_id": "traefik-3.7.7-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "traefik-3.7.7-1.1.x86_64",
"product": {
"name": "traefik-3.7.7-1.1.x86_64",
"product_id": "traefik-3.7.7-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.7.7-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64"
},
"product_reference": "traefik-3.7.7-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.7.7-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le"
},
"product_reference": "traefik-3.7.7-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.7.7-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x"
},
"product_reference": "traefik-3.7.7-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "traefik-3.7.7-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
},
"product_reference": "traefik-3.7.7-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-54761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54761"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik\u0027s Kubernetes Gateway provider affecting the crossProviderNamespaces allowlist. For HTTPRoute rules that declare multiple (WRR) backendRefs, Traefik evaluates the allowlist against the target backendRef.namespace instead of the route\u0027s own namespace. As a result, an HTTPRoute created in a namespace that is not allow-listed can reference a cross-provider TraefikService such as api@internal, dashboard@internal or rest@internal by pointing backendRef.namespace at an allow-listed namespace covered by a Gateway API ReferenceGrant, exposing internal Traefik services on the data plane. Exploitation requires the ability to create an accepted HTTPRoute and a matching ReferenceGrant from an allow-listed namespace; it does not require any change to Traefik static configuration, RBAC, or the deployment itself. This vulnerability is fixed in 3.6.21 and 3.7.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54761",
"url": "https://www.suse.com/security/cve/CVE-2026-54761"
},
{
"category": "external",
"summary": "SUSE Bug 1268523 for CVE-2026-54761",
"url": "https://bugzilla.suse.com/1268523"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-54761"
},
{
"cve": "CVE-2026-54762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54762"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik\u0027s Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the referenced auth Secret cannot be resolved or parsed, Traefik logs the resolution error, skips installing the authentication middleware, and still emits a router to the backend service. A route that operators intended to protect is therefore published to the data plane without its authentication control, allowing unauthenticated access to the backend. The trigger is an invalid or unresolved auth dependency - a missing, malformed, unreadable, or policy-denied Secret - rather than an intentionally unprotected route. This vulnerability is fixed in 3.7.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54762",
"url": "https://www.suse.com/security/cve/CVE-2026-54762"
},
{
"category": "external",
"summary": "SUSE Bug 1268765 for CVE-2026-54762",
"url": "https://bugzilla.suse.com/1268765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-54762"
},
{
"cve": "CVE-2026-54763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54763"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik\u0027s BasicAuth, DigestAuth, and ForwardAuth middlewares strip canonical-cased spoofed identity headers before writing Traefik\u0027s own value, but do not account for underscore-variant header names, which many backends normalize identically to dashed forms. An attacker able to reach a protected route can inject an underscore-variant header that survives Traefik\u0027s stripping and reaches the backend alongside, or on the unauthenticated ForwardAuth authResponseHeaders path instead of, the value Traefik intended to set, spoofing identity or authorization context. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54763",
"url": "https://www.suse.com/security/cve/CVE-2026-54763"
},
{
"category": "external",
"summary": "SUSE Bug 1270430 for CVE-2026-54763",
"url": "https://bugzilla.suse.com/1270430"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-54763"
},
{
"cve": "CVE-2026-54764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54764"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an HTTP reverse proxy and load balancer. Prior to v2.11.51, v3.6.22, and v3.7.6, Traefik\u0027s ForwardAuth middleware, even when configured with trustForwardHeader: false, derives the X-Forwarded-Port header sent to the authentication service from the original incoming request instead of the sanitized forwarded request. As a result, an unauthenticated remote attacker can inject an X-Forwarded-Proto: https header over a plain HTTP connection and cause Traefik to forward X-Forwarded-Port: 443 to the authentication service, bypassing port-based authorization checks. This issue is fixed in versions v2.11.51, v3.6.22, and v3.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54764",
"url": "https://www.suse.com/security/cve/CVE-2026-54764"
},
{
"category": "external",
"summary": "SUSE Bug 1270432 for CVE-2026-54764",
"url": "https://bugzilla.suse.com/1270432"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-54764"
},
{
"cve": "CVE-2026-54765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-54765"
}
],
"notes": [
{
"category": "general",
"text": "Traefik is an open source HTTP reverse proxy and load balancer. From v3.7.0 prior to v3.7.6, Traefik\u0027s Kubernetes Gateway API provider may resolve two accepted HTTPRoutes that target the same backend Service:port but configure different backendRef filters to the same child service and apply only one route\u0027s filter set to all requests reaching that backend. In Gateway deployments where backendRef filters set security-sensitive headers, such as tenant identity, authorization context, or values the backend trusts, an attacker who can create an accepted HTTPRoute sharing the same backend Service:port may cause their route\u0027s filter context to be applied to another route\u0027s requests, potentially crossing namespace boundaries when a ReferenceGrant permits cross-namespace targeting. This issue is fixed in version v3.7.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-54765",
"url": "https://www.suse.com/security/cve/CVE-2026-54765"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:traefik-3.7.7-1.1.aarch64",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.ppc64le",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.s390x",
"openSUSE Tumbleweed:traefik-3.7.7-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-07-10T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-54765"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…