PT-2026-40295

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

PT-2026-37205

Name of the Vulnerable Software and Affected Versions AzuraCast versions prior to 0.23.6 Description The ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header without a trusted proxy allowlist. An unauthenticated attacker can exploit this by injecting...

Path Confusion

Caddy is vulnerable to Path Confusion. The vulnerability is due to incorrect path splitting logic in FastCGI processing, where strings.ToLower is applied before computing byte offsets, causing incorrect SCRIPTNAME, SCRIPTFILENAME, and PATHINFO values for certain Unicode paths and potentially...

Allocation of Resources Without Limits or Throttling

Overview concrete5/concrete5 is a concrete5 open source CMS. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the File Manager’s bulk download functionality due to improper memory management when creating zip archives. An attacker can cau...

SUSE CVE-2026-27590

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

Incorrect Behavior Order: Validate Before Canonicalize

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order: Validate Before Canonicalize via the splitPos function. An attacker can cause unintended execution of files by crafting URLs with specific Unicode characters that manipulate the path splitting logic, potentiall...

GHSA-5R3V-VC8M-M96G Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport

Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...

Caddy: Unicode case-folding length expansion causes incorrect split_path index in FastCGI transport

Summary Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because strings.ToLower can change UTF-8 byte length for some characters. As a result, Caddy can deri...

UBUNTU-CVE-2026-27590

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVE-2026-27590

Caddy prior to 2.11.1 is affected. The FastCGI path-splitting logic lowercased the request path to compute a split index, then used that index on the original path; Unicode can change byte length after lowercasing, causing SCRIPT_NAME/SCRIPT_FILENAME and PATH_INFO misalignment. This path confusio...

CVE-2026-27590

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy of the request path and then uses that byte index to slice the original path. This is unsafe for Unicode because...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: fcgi (UTSA-2026-005213)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005213 advisory. FastCGI fcgi2 aka fcgi 2.x through 2.4.4 has an integer overflow and resultant heap-based buffer overflow via crafted nameLen or valueLen values in data to the IPC...

MiracleLinux 8 : perl-FCGI:0.78 (AXSA:2025-10019:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10019:01 advisory. perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library CVE-2025-40907 Tenable has extracte...

MiracleLinux 8 : php:8.2 (AXSA:2024-9505:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9505:01 advisory. php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 php: passwordverify can erroneously return true, opening ATO risk...

MiracleLinux 9 : haproxy-2.4.22-1.el9 (AXSA:2023-6671:04)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6671:04 advisory. haproxy: data leak via fcgi requests CVE-2023-0836 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. No...

MiracleLinux 8 : perl-FCGI:0.78 (AXSA:2025-10018:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10018:01 advisory. perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 aka fcgi library CVE-2025-40907 Tenable has extracte...