pkg:Go/github.com/caddyserver/caddy/v2
19 total CVEsCRITICAL8HIGH2MEDIUM8
✅ Check your installed version
All known vulnerabilities
- CRITICAL9.8CVE-2026-27590Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- CRITICAL9.8CVE-2026-27590Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.11.1
- CRITICAL9.1CVE-2026-27587Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- CRITICAL9.1CVE-2026-27587Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.11.1
- HIGH8.1CVE-2026-45135Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files>= 2.7.0, < 2.11.3
- HIGH8.1CVE-2026-30851Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation>= 2.10.0, < 2.11.2
- MEDIUM6.5CVE-2026-27589Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- MEDIUM6.5CVE-2026-27589Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2from 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.5.0-beta.1
- from 0, < 2.5.0-beta.1
- from 0, < 2.5.0
- MEDIUM5.4CVE-2026-45692Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization>= 2.4.0, < 2.11.3
- >= 2.7.5, < 2.11.2