CVE-2026-25949 - Traefik: TCP readTimeout bypass via STARTTLS on Postgres

CVE ID : CVE-2026-25949 Published : Feb. 12, 2026, 8:16 p.m. | 1 hour, 47 minutes ago Description : Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...