Vulnerability Report: GO-2026-4322
- CVE-2026-22045, GHSA-cwjm-3f7h-9hwq
- Affects: github.com/traefik/traefik, github.com/traefik/traefik/v2, and 1 more
- Published: Jan 23, 2026
Traefik's ACME TLS-ALPN fast path lacks timeouts and close on handshake stall in github.com/traefik/traefik
For detailed information about this vulnerability, visit https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/traefik/traefik/security/advisories/GHSA-cwjm-3f7h-9hwq
- https://github.com/traefik/traefik/commit/e9f3089e9045812bcf1b410a9d40568917b26c3d
- https://github.com/traefik/traefik/releases/tag/v2.11.35
- https://github.com/traefik/traefik/releases/tag/v3.6.7
- https://vuln.go.dev/ID/GO-2026-4322.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.