StripPrefix and the One-Slash That Broke Auth: CVE-2026-48020 — Traefik Route-Level Authentication Bypass
On June 23, 2026, NIST’s National Vulnerability Database published CVE-2026-48020, a route-level authentication and authorization bypass in Traefik, the cloud-native reverse proxy and ingress controller that fronts a huge slice of the modern web (and most Kubernetes cluste…