CVE-2026-27586

A flaw was found in Caddy, an extensible server platform. Two errors in the ClientAuthentication.provision function can cause mutual Transport Layer Security mTLS client certificate authentication to silently fail open. This occurs when a Certificate Authority CA certificate file is missing,...

CVE-2026-27586

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...