CVE-2026-48491: Domain-fronted mTLS bypass in Traefik SNICheck wildcard TLSOptions
I reported a domain-fronting mTLS bypass in Traefik that was published as CVE-2026-48491 / GHSA-5r4w-85f3-pw66. The issue affected wildcard router TLSOptions on the regular HTTPS/HTTP2 path. A pro...