github.com/caddyserver/caddy/v2 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-52846Mediumgithub.com/caddyserver/caddy/v2: Caddy: stripHTML template function bypassCVE-2026-52845Highgithub.com/caddyserver/caddy/v2: Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`CVE-2026-52844Highgithub.com/caddyserver/caddy/v2: Caddy: Windows `file_server` path authorization bypass via encoded backslashGHSA-GX7W-56W6-G48XMediumgithub.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass on PKI Endpoints via Prefix-Based Path MatchingGHSA-WWHQ-W58M-W29CMediumgithub.com/caddyserver/caddy/v2: Caddy CVE-2026-30852 Fix BypassCVE-2026-45692Mediumgithub.com/caddyserver/caddy/v2: Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index NormalizationCVE-2026-45135Highgithub.com/caddyserver/caddy/v2: Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP FilesCVE-2026-27590Highgithub.com/caddyserver/caddy/v2: Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transportCVE-2026-27589Mediumgithub.com/caddyserver/caddy/v2: Caddy is vulnerable to cross-origin config application via local admin API /load CVE-2026-27588Highgithub.com/caddyserver/caddy/v2: Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth…CVE-2026-27587Highgithub.com/caddyserver/caddy/v2: Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth…CVE-2026-27586Highgithub.com/caddyserver/caddy/v2: Caddy: mTLS client authentication silently fails open when CA certificate file is missing or…CVE-2026-27585Mediumgithub.com/caddyserver/caddy/v2: Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security…CVE-2022-28923Mediumgithub.com/caddyserver/caddy/v2: Open Redirect in CaddyCVE-2022-29718Mediumgithub.com/caddyserver/caddy: Open redirect in caddy

Stop the waste.
Protect your environment with Kodem.