pkg:Go/github.com/caddyserver/caddy/v2
共 19 筆 CVECRITICAL8HIGH2MEDIUM8
✅ 檢查你的版本
所有已知漏洞
- CRITICAL9.8CVE-2026-27590Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transportfrom 0, < 2.11.1
- CRITICAL9.8CVE-2026-27590Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transportfrom 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.11.1
- CRITICAL9.1CVE-2026-27587Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypassfrom 0, < 2.11.1
- CRITICAL9.1CVE-2026-27587Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypassfrom 0, < 2.11.1
- from 0, < 2.11.1
- from 0, < 2.11.1
- HIGH8.1CVE-2026-45135Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files>= 2.7.0, < 2.11.3
- HIGH8.1CVE-2026-30851Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation>= 2.10.0, < 2.11.2
- MEDIUM6.5CVE-2026-27589Caddy is vulnerable to cross-origin config application via local admin API /loadfrom 0, < 2.11.1
- MEDIUM6.5CVE-2026-27589Caddy is vulnerable to cross-origin config application via local admin API /loadfrom 0, < 2.11.1
- MEDIUM6.5CVE-2026-27585Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protectionsfrom 0, < 2.11.1
- MEDIUM6.5CVE-2026-27585Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protectionsfrom 0, < 2.11.1
- from 0, < 2.5.0-beta.1
- from 0, < 2.5.0-beta.1
- from 0, < 2.5.0
- MEDIUM5.4CVE-2026-45692Caddy: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization>= 2.4.0, < 2.11.3
- >= 2.7.5, < 2.11.2