📦 Caddy

Caddy servers with host lists exceeding 100 entries have a case-sensitivity vulnerability in the HTTP host matcher. Attackers can bypass host-based routing and access controls by manipulating the Host...

CVE-2026-27590 is a path confusion vulnerability in Caddy server's FastCGI handling that occurs when processing Unicode characters in request paths. Attackers can manipulate file execution to run non-...

CVE-2026-27586 is a critical authentication bypass vulnerability in Caddy server where mTLS client certificate authentication silently fails open when CA certificate files are missing or unreadable. T...

CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...

CVE-2022-34037 is an out-of-bounds read vulnerability in Caddy web server's rewrite module that can cause denial of service. Attackers can crash the server by sending specially crafted URIs. This affe...