Exposição de Caddy
Web servers12
score de exposição
13.276
sites usam
0
em exploração
0
críticos
CVEs
8 resultadosCVE-2026-27590HIGHCaddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transportEPSS 0.5%CVE-2026-30852MEDIUMCaddy: vars_regexp double-expands user input, leaking env vars and filesEPSS 0.4%CVE-2026-27587HIGHCaddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypassEPSS 0.4%CVE-2026-27588HIGHCaddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypassEPSS 0.4%CVE-2026-27585MEDIUMCaddy's improper sanitization of glob characters in file matcher may lead to bypassing security protectionsEPSS 0.3%CVE-2026-27586HIGHCaddy's mTLS client authentication silently fails open when CA certificate file is missing or malformedEPSS 0.3%CVE-2026-30851HIGHCaddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege EscalationEPSS 0.2%CVE-2026-27589MEDIUMCaddy vulnerable to cross-origin config application via local admin API /load (caddy)EPSS 0.2%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →