git: 9702ad1b7508 - main - security/vuxml: Document multiple vulnerabilities in traefik

The branch main has been updated by riggs:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9702ad1b7508d5b3a1d5d80724b4070b00102ba1

commit 9702ad1b7508d5b3a1d5d80724b4070b00102ba1
Author:     Thomas Zander <riggs@FreeBSD.org>
AuthorDate: 2026-03-29 11:48:50 +0000
Commit:     Thomas Zander <riggs@FreeBSD.org>
CommitDate: 2026-03-29 11:48:50 +0000

    security/vuxml: Document multiple vulnerabilities in traefik
---
 security/vuxml/vuln/2026.xml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 830f0303dfa3..4221b4e43b5e 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,33 @@
+  <vuln vid="09e36f7e-2b5b-11f1-852e-5404a68ad561">
+    <topic>traefik -- Multiple vulnerabilities</topic>
+    <affects>
+<package>
+<name>traefik</name>
+<range><lt>3.6.12</lt></range>
+</package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The traefik project releases a new version addressing multiple CVEs:</p>
+	<blockquote cite="https://github.com/traefik/traefik/releases/tag/v3.6.12">
+	  <ul>
+	    <li>CVE-2026-33433 (BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField)</li>
+	    <li>CVE-2026-33186 (authorization bypass via missing leading slash in :path)</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-33433</cvename>
+      <cvename>CVE-2026-33186</cvename>
+      <url>https://github.com/traefik/traefik/releases/tag/v3.6.12</url>
+    </references>
+    <dates>
+      <discovery>2026-03-26</discovery>
+      <entry>2026-03-29</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="095e9db2-2b5b-11f1-9839-8447094a420f">
     <topic>Roundcube -- SVG Attribute Bypass</topic>
     <affects>