pkg:Debian/caddy

All known vulnerabilities

• CRITICAL9.8CVE-2026-27590Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport
  from 0
• CRITICAL9.1CVE-2026-27588Caddy MatchHost becomes case-sensitive in github.com/caddyserver/caddy/v2
  from 0
• CRITICAL9.1CVE-2026-27587Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass
  from 0
• CRITICAL9.1CVE-2026-27586Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2
  from 0
• MEDIUM6.5CVE-2026-27589Caddy is vulnerable to cross-origin config application via local admin API /load
  from 0
• MEDIUM6.5CVE-2026-27585Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections
  from 0
• MEDIUM6.1CVE-2022-28923Open redirect in github.com/caddyserver/caddy/v2
  from 0, < 2.5.2-1