
8 matches found

SUSE CVE
added 2026/02/26 12:25 a.m., 1 view

SUSE CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2, AI score 5.8, EPSS 0.00122
Exploits: 1, References: 4
Github Security Blog
added 2026/02/24 8:16 p.m., 5 views

Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections

Summary: The path sanitization in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. Details: The try_files directive is used to rewrite the request URI. It accepts a list of patterns and checks if any files exist in the root that match the...

CVSS 8.2, AI score 5.6, EPSS 0.00122
Exploits: 1, References: 8, Affected Software: 1
OSV
added 2026/02/24 8:16 p.m., 4 views

GHSA-4XRR-HQ4W-6VF4 Caddy: Improper sanitization of glob characters in file matcher may lead to bypassing security protections

Summary: The path sanitization in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. Details: The try_files directive is used to rewrite the request URI. It accepts a list of patterns and checks if any files exist in the root that match the...

CVSS 8.2, AI score 5.7, EPSS 0.00122
Exploits: 1, References: 8
NVD
added 2026/02/24 5:29 p.m., 4 views

CVE-2026-27585

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2, EPSS 0.00122
Exploits: 1, References: 4
Cvelist
added 2026/02/24 4:6 p.m., 17 views

CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2, EPSS 0.00122
Exploits: 1, References: 4
CVE
added 2026/02/24 4:6 p.m., 17 views

CVE-2026-27585

CVE-2026-27585 affects Caddy prior to 2.11.1 due to improper sanitization of backslashes in the file matcher’s path sanitization routine, which can bypass path-related security protections. The issue is fixed in version 2.11.1. Affected environment/configurations are specified as requiring cautio...

CVSS 8.2, AI score 5.4, EPSS 0.00122
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/02/24 4:6 p.m., 5 views

CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations...

CVSS 8.2, AI score 5.6, EPSS 0.00122
Exploits: 1, References: 6
CNNVD
added 2026/02/24 12:0 a.m., 4 views

Caddy input validation error vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the path cleaner in the file matcher not clearing backslashes properly, which cou...

CVSS 8.2, AI score 7.3, EPSS 0.00122
Exploits: 1, References: 3