FIND-20260404-023 · 2026-04-04 · Innovation Veille

Traefik CVE-2026-33186 Patch Confirmed in 3.6.12 — Status Update

cve HIGH
CVE-2026-33186 (gRPC-Go path canonicalization, CRITICAL 9.3) is patched in Traefik 3.6.12, which is the current tracked version. The previous finding from 2026-04-02 noted that patching this CVE required SSH access to srv-staging; confirm that srv-staging is now running 3.6.12. Traefik 3.6.12 also patches CVE-2026-33433 (STARTTLS bypass: an unauthenticated client can bypass readTimeout via the PostgreSQL SSLRequest prelude). Action: SSH to srv-staging and verify the `traefik version` output.

Source

https://community.traefik.io/t/new-security-update-for-traefik-2-11-2-11-42-3-6-3-6-12-and-3-7-3-7-0-ea-3/29785

ODS Impact

Traefik is the ODS API Gateway on srv-staging (35.195.54.220). CVE-2026-33433 specifically targets the PostgreSQL STARTTLS handshake and could affect the Traefik TCP proxy routing to ods-postgres. Verify that both CVEs are addressed and confirm the currently deployed version via Coolify or SSH.
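
One way to script the version check requested in the finding and in the ODS Impact note, as an added example that is not part of the original finding or of Traefik's own tooling. It assumes `traefik version` prints a `Version:` line; the function names and the sample output are constructed for illustration, and only the 3.6 release line named here is judged.

```shell
#!/bin/sh
# Added example: classify `traefik version` output against the 3.6.12 fix level.
# Assumption: the output contains a "Version:" line (e.g. "Version:      3.6.12").

PATCHED_LINE="3.6"   # release line tracked in this finding
PATCHED_PATCH=12     # 3.6.x patch level that carries both fixes, per the finding

# extract_version: read `traefik version` output on stdin, print the bare version.
extract_version() {
    sed -n 's/^Version:[[:space:]]*v\{0,1\}\([0-9][0-9A-Za-z.+-]*\).*$/\1/p' | head -n 1
}

# check_traefik: print PATCHED, VULNERABLE or UNKNOWN for the given output text.
# UNKNOWN covers other release lines, pre-releases and unparsable output, which
# need a manual look instead of a silent pass.
check_traefik() {
    ver=$(printf '%s\n' "$1" | extract_version)
    case "$ver" in
        "$PATCHED_LINE".*) ;;
        *) echo "UNKNOWN"; return 0 ;;
    esac
    rest=${ver#"$PATCHED_LINE".}     # "12", "11", "12-rc1", ...
    num=${rest%%[!0-9]*}             # leading digits of the patch component
    suffix=${rest#"$num"}            # anything after them (pre-release/build tag)
    if [ -z "$num" ]; then
        echo "UNKNOWN"
    elif [ "$num" -gt "$PATCHED_PATCH" ]; then
        echo "PATCHED"
    elif [ "$num" -eq "$PATCHED_PATCH" ] && [ -z "$suffix" ]; then
        echo "PATCHED"
    elif [ "$num" -eq "$PATCHED_PATCH" ]; then
        echo "UNKNOWN"
    else
        echo "VULNERABLE"
    fi
}

# Constructed sample output (not captured from srv-staging).
SAMPLE_OUTPUT='Version:      3.6.12
Codename:     example
Go version:   go1.x
Built:        2026-01-01T00:00:00Z
OS/Arch:      linux/amd64'

check_traefik "$SAMPLE_OUTPUT"
# Against the real host: check_traefik "$(ssh srv-staging traefik version)"
```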

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

traefik cve grpc postgresql api-gateway critical patched