FIND-20260408-001 · 2026-04-08 · Innovation Veille

Traefik v3.6.13 released — patch day after CVE-2026-33186

release HIGH
Traefik v3.6.13 was released on April 7, 2026, one day after the critical CVE-2026-33186 (gRPC authorization bypass, CVSS 7.8) was patched in v3.6.12. v3.6.13 adds a compression middleware bug fix and documentation improvements. ODS was already protected by the CVE patch in v3.6.12 (last updated 2026-04-06). Upgrading to v3.6.13 is recommended to pick up the compression fix.

Source

https://github.com/traefik/traefik/releases/tag/v3.6.13

ODS Impact

API Gateway (Traefik) — all ODS services route through Traefik. No security regression; upgrade is routine maintenance. Compression middleware fix may affect services using gzip/zstd response compression.

Security Review

License: MIT | Maintenance: ACTIVE | Risk: LOW | Recommendation: SAFE_TO_USE

Tags

traefik api-gateway release infrastructure
Generated by ODS Innovation Veille · 2026-04-08T02:41:05+00:00