9 matches found
CVE-2026-52845
A flaw was found in Caddy, an extensible server platform. A remote attacker can exploit a vulnerability in the forwardauth copyheaders functionality. This occurs because Caddy normalizes HTTP headers into Common Gateway Interface CGI variables by replacing hyphens with underscores, allowing a...
CVE-2026-52845
Summary (CVE-2026-52845): Caddy 2.11.x contains a bypass in forward_auth copy_headers where, prior to 2.11.4, the exact client-supplied header was deleted but HTTP header names are later normalized to CGI variables, allowing an underscore alias to collide with a trusted header in FastCGI backends...
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...
CVE-2026-30851
CVE-2026-30851 (Caddy) affects Caddy server up to version 2.11.2. The issue is in forward_auth copy_headers, which fails to strip client-supplied headers, enabling identity injection and privilege escalation. This vulnerability is grounded in the component/behavior described across multiple sourc...
CVE-2026-30851 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...
CVE-2026-30851 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...
CVE-2026-30851
Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forwardauth copyheaders does not strip client-supplied headers, allowing identity injection and privilege escalation. This issue has been patched in version 2.11.2...
Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation
Summary Caddy's forwardauth directive with copyheaders generates conditional header-set operations that only fire when the upstream auth service includes the named header in its response. No delete or remove operation is generated for the original client-supplied request header with the same name...
PT-2026-23796
Name of the Vulnerable Software and Affected Versions Caddy versions 2.10.0 through 2.11.1 Description Caddy is a server platform that utilizes TLS by default. A flaw exists in the forward auth functionality where the copy headers option fails to remove headers provided by the client. This can le...