Unrated severityNVD Advisory· Published Jun 23, 2026· Updated Jun 23, 2026

Traefik - Denial of Service via HTTP/2 Request Handling

CVE-2023-54365

Description

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation (CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique). A remote attacker can rapidly create and cancel HTTP/2 streams to exhaust server resources and cause service unavailability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Traefik/Traefikllm-fuzzy
Range: before 2.10.5 and 3.0.0-beta4

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

github.com/traefik/traefik/security/advisories/GHSA-7v4p-328v-8v5gmitrevendor-advisory
www.vulncheck.com/advisories/traefik-denial-of-service-via-http-2-request-handlingmitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000