[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-66490":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T14:55:36.164Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":38,"aliases":48,"duplicate_of":9,"upstream":51,"downstream":52,"duplicates":59,"related":60,"reserved_at":9,"published_at":66,"modified_at":67,"state":68,"summary":69,"references_raw":77,"kevs":108,"epss":109,"epss_history":112,"metrics":378,"affected":392},"CVE-2025-66490","Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \\, Null, ;, ?, #) can bypass the middleware chain and reach unintended backends. For example, a request to http://mydomain.example.com/admin%2F could reach service-a without triggering my-security-middleware, bypassing security controls for the /admin/ path. This issue is fixed in versions 2.11.32 and 3.6.3.",null,[11,31],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-436","Interpretation Conflict","Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state.","weakness","Incomplete","Class",[19,23,27],{"id":20,"name":21,"techniques":22},"CAPEC-105","HTTP Request Splitting",[],{"id":24,"name":25,"techniques":26},"CAPEC-273","HTTP Response Smuggling",[],{"id":28,"name":29,"techniques":30},"CAPEC-34","HTTP Response Splitting",[],{"_key":32,"id":32,"name":33,"description":34,"type":35,"status":36,"abstraction":9,"likelihood_of_exploit":9,"capec":37},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[39],{"_key":40,"name":41,"source":42,"url":43,"maturity":44,"reliability_score":45,"verified":46,"type":9,"platforms":47,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_TRAEFIK_TRAEFIK","Traefik","github","https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp","poc",0.3,false,[],[49,50],"GHSA-gm3x-23wp-hc2c","GO-2025-4206",[],[53,55,57],{"_key":54},"SUSE-SU-2026:0037-1",{"_key":56},"OPENSUSE-SU-2026:10020-1",{"_key":58},"OPENSUSE-SU-2026:10143-1",[],[61,62,63,64],{"_key":54},{"_key":56},{"_key":58},{"_key":65},"CGA-M4QP-GW68-X255","2025-12-09T00:35:26.530Z","2025-12-09T16:03:33.572Z","Analyzed",{"cisa_kev":46,"cisa_ransomware":46,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":68},"low",0.00018,"medium",6.9,"v4.0","cve.org","CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[78,89,95,99,103],{"url":79,"sources":80,"tags":83},"https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c",[75,81,82],"nvd","osv_go",[84,85,86,87,88],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB","Advisory",{"url":90,"sources":91,"tags":92},"https://github.com/traefik/traefik/releases/tag/v2.11.32",[75,81,82],[93,94,87],"X Refsource MISC","Release Notes",{"url":96,"sources":97,"tags":98},"https://github.com/traefik/traefik/releases/tag/v3.6.4",[75,81,82],[93,94,87],{"url":100,"sources":101,"tags":102},"https://nvd.nist.gov/vuln/detail/CVE-2025-66490",[82],[88],{"url":104,"sources":105,"tags":106},"https://github.com/traefik/traefik",[82],[107],"PACKAGE",[],{"date":110,"score":71,"percentile":111},"2026-06-05",0.04884,[113,117,120,123,127,130,132,136,139,142,145,148,151,154,157,159,162,165,168,171,174,177,179,181,184,187,190,193,196,199,201,203,206,209,211,214,217,220,223,226,229,232,235,239,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,354,357,360,363,366,369,372,375],{"date":114,"score":115,"percentile":116},"2025-12-09",0.00013,0.01536,{"date":118,"score":115,"percentile":119},"2025-12-10",0.0155,{"date":121,"score":115,"percentile":122},"2025-12-11",0.01548,{"date":124,"score":125,"percentile":126},"2025-12-12",0.00009,0.0065,{"date":128,"score":125,"percentile":129},"2025-12-13",0.00649,{"date":131,"score":125,"percentile":129},"2025-12-14",{"date":133,"score":134,"percentile":135},"2025-12-15",0.00012,0.01143,{"date":137,"score":134,"percentile":138},"2025-12-16",0.01147,{"date":140,"score":134,"percentile":141},"2025-12-17",0.01149,{"date":143,"score":134,"percentile":144},"2025-12-18",0.01141,{"date":146,"score":134,"percentile":147},"2025-12-19",0.01145,{"date":149,"score":134,"percentile":150},"2025-12-20",0.01144,{"date":152,"score":134,"percentile":153},"2025-12-21",0.01153,{"date":155,"score":134,"percentile":156},"2025-12-22",0.01154,{"date":158,"score":134,"percentile":153},"2025-12-23",{"date":160,"score":134,"percentile":161},"2025-12-24",0.01157,{"date":163,"score":134,"percentile":164},"2025-12-25",0.01161,{"date":166,"score":134,"percentile":167},"2025-12-26",0.01162,{"date":169,"score":134,"percentile":170},"2025-12-27",0.0116,{"date":172,"score":134,"percentile":173},"2025-12-28",0.01158,{"date":175,"score":134,"percentile":176},"2025-12-29",0.01151,{"date":178,"score":134,"percentile":138},"2025-12-30",{"date":180,"score":134,"percentile":138},"2025-12-31",{"date":182,"score":134,"percentile":183},"2026-01-01",0.01176,{"date":185,"score":134,"percentile":186},"2026-01-02",0.01171,{"date":188,"score":134,"percentile":189},"2026-01-03",0.01175,{"date":191,"score":134,"percentile":192},"2026-01-04",0.01139,{"date":194,"score":134,"percentile":195},"2026-01-05",0.01146,{"date":197,"score":134,"percentile":198},"2026-01-06",0.01142,{"date":200,"score":134,"percentile":150},"2026-01-07",{"date":202,"score":134,"percentile":156},"2026-01-08",{"date":204,"score":134,"percentile":205},"2026-01-09",0.01172,{"date":207,"score":115,"percentile":208},"2026-01-10",0.01497,{"date":210,"score":115,"percentile":208},"2026-01-11",{"date":212,"score":115,"percentile":213},"2026-01-12",0.01478,{"date":215,"score":115,"percentile":216},"2026-01-13",0.01477,{"date":218,"score":115,"percentile":219},"2026-01-14",0.01481,{"date":221,"score":115,"percentile":222},"2026-01-15",0.01492,{"date":224,"score":115,"percentile":225},"2026-01-16",0.01501,{"date":227,"score":115,"percentile":228},"2026-01-17",0.01505,{"date":230,"score":115,"percentile":231},"2026-01-18",0.01515,{"date":233,"score":115,"percentile":234},"2026-01-19",0.01506,{"date":236,"score":237,"percentile":238},"2026-01-20",0.00017,0.03211,{"date":240,"score":237,"percentile":241},"2026-01-21",0.03198,{"date":243,"score":237,"percentile":244},"2026-01-22",0.03201,{"date":246,"score":237,"percentile":247},"2026-01-23",0.03216,{"date":249,"score":237,"percentile":250},"2026-01-24",0.03233,{"date":252,"score":237,"percentile":253},"2026-01-25",0.03218,{"date":255,"score":237,"percentile":256},"2026-01-26",0.03209,{"date":258,"score":237,"percentile":259},"2026-01-27",0.03208,{"date":261,"score":237,"percentile":262},"2026-01-28",0.03213,{"date":264,"score":237,"percentile":265},"2026-01-29",0.03235,{"date":267,"score":237,"percentile":268},"2026-01-30",0.03236,{"date":270,"score":237,"percentile":271},"2026-01-31",0.0325,{"date":273,"score":237,"percentile":274},"2026-02-01",0.03329,{"date":276,"score":237,"percentile":277},"2026-02-02",0.03317,{"date":279,"score":237,"percentile":280},"2026-02-03",0.03323,{"date":282,"score":237,"percentile":283},"2026-02-04",0.03296,{"date":285,"score":237,"percentile":280},"2026-02-05",{"date":287,"score":237,"percentile":288},"2026-02-06",0.03348,{"date":290,"score":237,"percentile":291},"2026-02-07",0.0338,{"date":293,"score":237,"percentile":294},"2026-02-08",0.03372,{"date":296,"score":237,"percentile":297},"2026-02-09",0.03347,{"date":299,"score":237,"percentile":300},"2026-02-10",0.03357,{"date":302,"score":237,"percentile":303},"2026-02-11",0.03453,{"date":305,"score":237,"percentile":306},"2026-02-12",0.03506,{"date":308,"score":237,"percentile":309},"2026-02-13",0.03539,{"date":311,"score":237,"percentile":312},"2026-02-14",0.03573,{"date":314,"score":71,"percentile":315},"2026-02-15",0.03856,{"date":317,"score":71,"percentile":318},"2026-02-16",0.03853,{"date":320,"score":71,"percentile":321},"2026-02-17",0.03834,{"date":323,"score":71,"percentile":324},"2026-02-18",0.04097,{"date":326,"score":71,"percentile":327},"2026-02-19",0.04142,{"date":329,"score":71,"percentile":330},"2026-02-20",0.04122,{"date":332,"score":71,"percentile":333},"2026-02-21",0.04133,{"date":335,"score":71,"percentile":336},"2026-02-22",0.04131,{"date":338,"score":71,"percentile":330},"2026-02-23",{"date":340,"score":71,"percentile":341},"2026-02-24",0.04107,{"date":343,"score":71,"percentile":344},"2026-02-25",0.04093,{"date":346,"score":71,"percentile":347},"2026-02-26",0.04079,{"date":349,"score":71,"percentile":350},"2026-02-27",0.04144,{"date":352,"score":71,"percentile":353},"2026-02-28",0.0414,{"date":355,"score":71,"percentile":356},"2026-03-01",0.04217,{"date":358,"score":71,"percentile":359},"2026-03-02",0.04248,{"date":361,"score":71,"percentile":362},"2026-03-03",0.04263,{"date":364,"score":71,"percentile":365},"2026-03-04",0.04149,{"date":367,"score":71,"percentile":368},"2026-03-05",0.04195,{"date":370,"score":71,"percentile":371},"2026-03-06",0.04171,{"date":373,"score":71,"percentile":374},"2026-03-07",0.04178,{"date":376,"score":71,"percentile":377},"2026-03-08",0.04182,[379,382,390],{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":380},{"baseScore":73,"baseSeverity":381,"vectorString":76,"impactScore":9,"exploitabilityScore":9},"MEDIUM",{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":383,"cvss_v4_0":388},{"baseScore":384,"baseSeverity":381,"vectorString":385,"impactScore":386,"exploitabilityScore":387},6.5,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",4.2,10,{"baseScore":73,"baseSeverity":381,"vectorString":389,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":391},{"baseScore":73,"baseSeverity":9,"vectorString":76,"impactScore":9,"exploitabilityScore":9},[393,408,416,423],{"ecosystem":394,"name":395,"vendor":396,"product":397,"cpe_part":9,"purl_type":398,"purl_namespace":396,"purl_name":397,"source":9,"versions":399},"Go","github.com/traefik/traefik","github.com/traefik","traefik","golang",[400,406],{"version":401,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":405,"fixed_in":9},"lte1_7_34",true,"semver","1.7.34","including",{"version":407,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":394,"name":409,"vendor":395,"product":410,"cpe_part":9,"purl_type":398,"purl_namespace":395,"purl_name":410,"source":9,"versions":411},"github.com/traefik/traefik/v2","v2",[412],{"version":413,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":415,"fixed_in":9},"lt2_11_32","2.11.32","excluding",{"ecosystem":394,"name":417,"vendor":395,"product":418,"cpe_part":9,"purl_type":398,"purl_namespace":395,"purl_name":418,"source":9,"versions":419},"github.com/traefik/traefik/v3","v3",[420],{"version":421,"is_range":402,"range_type":403,"version_start":9,"version_start_type":9,"version_end":422,"version_end_type":415,"fixed_in":9},"lt3_6_3","3.6.3",{"ecosystem":9,"name":397,"vendor":397,"product":397,"cpe_part":424,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"a",[426,428,430,432,435],{"version":427,"is_range":46,"range_type":75,"version_start":427,"version_start_type":405,"version_end":427,"version_end_type":405,"fixed_in":9},"github.com/traefik/traefik/v3  \u003C 3.6.3",{"version":429,"is_range":46,"range_type":75,"version_start":429,"version_start_type":405,"version_end":429,"version_end_type":405,"fixed_in":9},"github.com/traefik/traefik/v2 \u003C 2.11.32",{"version":431,"is_range":46,"range_type":75,"version_start":431,"version_start_type":405,"version_end":431,"version_end_type":405,"fixed_in":9},"github.com/traefik/traefik \u003C= 1.7.34",{"version":433,"is_range":402,"range_type":434,"version_start":9,"version_start_type":9,"version_end":414,"version_end_type":415,"fixed_in":9},"lt2.11.32","cpe",{"version":436,"is_range":402,"range_type":434,"version_start":437,"version_start_type":405,"version_end":422,"version_end_type":415,"fixed_in":9},"gte3.0.0_lt3.6.3","3.0.0"]