=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN167
_____________________________________________________________________

DATE                : 13/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Traefik versions prior
                                 to 2.6.1, 3.0.0-beta.3.

=====================================================================
https://github.com/traefik/traefik/security/advisories/GHSA-89p3-4642-cr2w
_____________________________________________________________________


TCP readTimeout bypass via STARTTLS on Postgres
High
nmengin published GHSA-89p3-4642-cr2w Feb 12, 2026

Package
Traefik (Go)

Affected versions
<= v3.6.7

Patched versions
v3.6.8


Description

Impact

There is a potential vulnerability in how Traefik manages STARTTLS 
requests.

An unauthenticated client can bypass Traefik entrypoint 
respondingTimeouts.readTimeout by sending the 8-byte Postgres 
SSLRequest (STARTTLS) prelude and then stalling, causing connections 
to remain open indefinitely, leading to a denial of service.
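
The mitigation pattern for the stall described above, as an added Go example that is not Traefik's code or its patch: a hypothetical helper `awaitTLSAfterSSLRequest` re-arms the connection deadline after the 8-byte SSLRequest prelude, so a peer that goes silent at that point is disconnected after `readTimeout`. The helper names, the constructed in-memory `net.Pipe` peer and the 200 ms timeout are assumptions made for the illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net"
	"os"
	"time"
)

// Postgres SSLRequest: int32 length 8, then int32 code 80877103 (0x04D2162F).
var sslRequest = []byte{0, 0, 0, 8, 0x04, 0xD2, 0x16, 0x2F}

// awaitTLSAfterSSLRequest (hypothetical helper, not Traefik code) reads the prelude,
// answers 'S', then waits for the 5-byte TLS record header under a fresh deadline.
func awaitTLSAfterSSLRequest(c net.Conn, readTimeout time.Duration) ([]byte, error) {
	buf := make([]byte, 8)
	c.SetDeadline(time.Now().Add(readTimeout))
	if _, err := io.ReadFull(c, buf); err != nil {
		return nil, err
	}
	if !bytes.Equal(buf, sslRequest) {
		return nil, errors.New("not a Postgres SSLRequest")
	}
	if _, err := c.Write([]byte{'S'}); err != nil {
		return nil, err
	}
	c.SetDeadline(time.Now().Add(readTimeout)) // the wait after the prelude stays bounded
	if _, err := io.ReadFull(c, buf[:5]); err != nil {
		return nil, err // a silent peer ends here with os.ErrDeadlineExceeded
	}
	if buf[0] != 0x16 { // 0x16 = TLS handshake record type
		return nil, errors.New("expected a TLS handshake record")
	}
	return buf[:5], nil
}

// stalledPeer runs the helper against a constructed in-memory peer that sends the
// prelude, reads the 'S' reply and then sends nothing more.
func stalledPeer(readTimeout time.Duration) error {
	srv, cli := net.Pipe()
	defer srv.Close() // closing one end of the pipe also unblocks the peer goroutine
	go func() { cli.Write(sslRequest); cli.Read(make([]byte, 1)) }()
	_, err := awaitTLSAfterSSLRequest(srv, readTimeout)
	return err
}

func main() { fmt.Println("timed out:", errors.Is(stalledPeer(200*time.Millisecond), os.ErrDeadlineExceeded)) }
```
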


Patches

    https://github.com/traefik/traefik/releases/tag/v3.6.8

For more information

If you have any questions or comments about this advisory, please open 
an issue.


Original Description

Severity
High (7.5 / 10)

CVSS v3 base metrics
Attack vector       : Network
Attack complexity   : Low
Privileges required : None
User interaction    : None
Scope               : Unchanged
Confidentiality     : None
Integrity           : None
Availability        : High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE ID
CVE-2026-25949

Weaknesses
No CWEs

Credits

    @manizada (Reporter)



=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




