Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2026/02/26 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-27589

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a...

8.2CVSS6AI score0.00166EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/24 7:37 p.m.2 views

CVE-2026-27589

A flaw was found in Caddy. The local administration API, when origin enforcement is not enabled, accepts cross-origin requests to its configuration loading endpoint. A remote attacker can exploit this by tricking a victim's browser into sending a malicious JSON configuration. This allows for...

8.2CVSS5.6AI score0.00166EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/24 4:30 p.m.21 views

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

8.2CVSS0.00166EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/24 4:30 p.m.4 views

CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy)

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

8.2CVSS5.9AI score0.00166EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/02/24 4:30 p.m.5 views

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

8.2CVSS5.2AI score0.00166EPSS
Exploits1
Rows per page
Query Builder