Known Vulnerabilities for Traffic Server by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Traffic Server" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-28367 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminat... | Not Provided | 2026-03-27 | 2026-04-01 |
| CVE-2026-26055 | Yoke is a Helm-inspired infrastructure-as-code (IaC) package deployer. In 0.19.0 and earlier, a vulnerability exists in the A... | Not Provided | 2026-02-12 | 2026-02-12 |
| CVE-2025-65114 | Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2025-58136 | A bug in POST request handling causes a crash under a certain condition. This issue affects Apache Traffic Server: from 10.0... | Not Provided | 2026-04-02 | 2026-04-02 |
| CVE-2025-53521 | When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Executi... | Not Provided | 2025-10-15 | 2026-03-31 |
| CVE-2025-9293 | A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server... | Not Provided | 2026-02-13 | 2026-02-13 |
| CVE-2021-37150 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resou... | 7.5 - HIGH | 2022-08-10 | 2023-11-07 |
| CVE-2021-37149 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
| CVE-2021-37148 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
| CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. Th... | 7.5 - HIGH | 2021-11-03 | 2022-10-14 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Traffic Server | 9.0.0 | - | All | All |
| Application | Apache | Traffic Server | 9.0.0 | rc0 | All | All |
| Application | Apache | Traffic Server | 9.0.0 | rc1 | All | All |
| Application | Apache | Traffic Server | 8.1.1 | - | All | All |
| Application | Apache | Traffic Server | 8.1.1 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.1.0 | - | All | All |
| Application | Apache | Traffic Server | 8.1.0 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.8 | - | All | All |
| Application | Apache | Traffic Server | 8.0.8 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.7 | All | All | All |
| Application | Apache | Traffic Server | 8.0.7 | - | All | All |
| Application | Apache | Traffic Server | 8.0.7 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.6 | All | All | All |
| Application | Apache | Traffic Server | 8.0.6 | - | All | All |
| Application | Apache | Traffic Server | 8.0.6 | rc0 | All | All |
| Application | Apache | Traffic Server | 8.0.6 | rc1 | All | All |
| Application | Apache | Traffic Server | 8.0.5 | All | All | All |
| Application | Apache | Traffic Server | 8.0.4 | All | All | All |
| Application | Apache | Traffic Server | 8.0.4 | - | All | All |
| Application | Apache | Traffic Server | 8.0.4 | rc0 | All | All |