FIND-20260402-004 · 2026-04-02 · Innovation Veille

Release: Traefik v3.6.12 — Dual CVE security patch release (CVE-2026-33186 + CVE-2026-32695)

release HIGH
Traefik 3.6.12 released March 26 2026. Security release addressing two CVEs: CVE-2026-33186 (CRITICAL, gRPC path canonicalization auth bypass) and CVE-2026-32695 (MEDIUM, Knative ingress rule injection host bypass). Also includes bug fixes for Kubernetes ingress-nginx, ACME, server routing, gRPC, and middleware. ODS last-versions.json already tracks 3.6.12 — current deployment is up to date. No version delta, confirmation only.

Source

https://github.com/traefik/traefik/releases/tag/v3.6.12

ODS Impact

API Gateway layer for ODS. Current deployment is already at 3.6.12. No upgrade action needed. Confirm Coolify's Traefik instance is on this version via srv-staging.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

release traefik security api-gateway grpc current
Generated by ODS Innovation Veille · 2026-04-02T00:14:47+00:00