Caddy Exposure
Web servers
Exposure score: 12
Sites using it: 13,276
Under exploitation: 0
Critical: 0
CVEs
8 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-27590 | HIGH | Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport | 0.5% |
| CVE-2026-30852 | MEDIUM | Caddy: vars_regexp double-expands user input, leaking env vars and files | 0.4% |
| CVE-2026-27587 | HIGH | Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass | 0.4% |
| CVE-2026-27588 | HIGH | Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass | 0.4% |
| CVE-2026-27585 | MEDIUM | Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections | 0.3% |
| CVE-2026-27586 | HIGH | Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed | 0.3% |
| CVE-2026-30851 | HIGH | Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation | 0.2% |
| CVE-2026-27589 | MEDIUM | Caddy vulnerable to cross-origin config application via local admin API /load (caddy) | 0.2% |