Lucene search
K

5 matches found

NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS0.00246EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 5:52 p.m.5 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/23 5:52 p.m.40 views

CVE-2026-52845 Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS0.00246EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/23 5:52 p.m.10 views

CVE-2026-52845

Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers int...

8.1CVSS5.9AI score0.00246EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/06/16 9:28 p.m.10 views

Caddy: FastCGI header normalization bypass in `forward_auth copy_headers`

Summary forwardauth copyheaders deletes the exact client-supplied identity header before copying the trusted value from the auth gateway. But when the request later goes through phpfastcgi, Caddy normalizes HTTP headers into CGI variables by replacing - with . This lets a client send an underscor...

8.1CVSS5.5AI score0.00246EPSS
Exploits1References2Affected Software2
Rows per page
Query Builder