3 matches found
SUSE CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP host request matcher is documented as case-insensitive, but when configured with a large host list 100 entries it becomes case-sensitive due to an optimized matching path. An attacker can bypass...
CVE-2026-27588
creationtimestamp| type| source ---|---|--- 2026-02-23 04:23:55+00:00| published-proof-of-concept| https://github.com/caddyserver/caddy/security/advisories/GHSA-x76f-jf84-rqj8 2026-02-25 02:40:26+00:00| seen| https://gist.github.com/alon710/0a4d2120827a83418bc6e8325fbd6767 2026-02-25...