2 matches found
CVE-2026-27586
Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in ClientAuthentication.provision cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts...
PT-2026-21768
Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.1 Description Caddy, an extensible server platform that uses TLS by default, has an issue where mTLS client certificate authentication can silently fail open under certain conditions. Specifically, if a CA...