pkg:Go/github.com/caddyserver/caddy/v2

All known vulnerabilities

• CRITICAL9.8CVE-2026-27590Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.8CVE-2026-27590Unicode case-folding causes incorrect split_path index in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1CVE-2026-27588Caddy MatchHost becomes case-sensitive in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1Caddy MatchHost becomes case-sensitive in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1Caddy MatchPath %xx branch skips case normalization in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• CRITICAL9.1Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• HIGH8.1Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
  >= 2.7.0, < 2.11.3
• HIGH8.1Caddy forward_auth copy_headers allows Identity Injection and Privilege Escalation in github.com/caddyserver/caddy
  >= 2.10.0, < 2.11.2
• MEDIUM6.5Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• MEDIUM6.5Caddy is vulnerable to cross-origin config application via local admin API /load in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• MEDIUM6.5Improper sanitization of glob characters in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• MEDIUM6.5Improper sanitization of glob characters in github.com/caddyserver/caddy/v2
  from 0, < 2.11.1
• MEDIUM6.1Open redirect in github.com/caddyserver/caddy/v2
  from 0, < 2.5.0-beta.1
• MEDIUM6.1Open redirect in github.com/caddyserver/caddy/v2
  from 0, < 2.5.0-beta.1
• MEDIUM6.1Open redirect in caddy
  from 0, < 2.5.0
• MEDIUM5.4Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization
  >= 2.4.0, < 2.11.3
• —Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy
  >= 2.7.5, < 2.11.2