目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

caddyserver 厂商漏洞列表 / CVE 中文分析 8

caddyserver 厂商相关 8 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Caddy 是一个开源的 Web 服务器,以自动 HTTPS 和简洁配置著称。历史上,其漏洞主要涉及路径遍历、RCE 和配置问题,多源于输入验证不足或权限管理缺陷。尽管存在安全风险,Caddy 的设计强调默认安全性和自动证书管理,减少了人为配置错误。截至最新统计,该项目已记录 8 条 CVE,提醒用户及时更新以防范已知漏洞。

上位製品 caddyserver: caddy
CVE IDタイトルCVSS深刻度公開日
CVE-2026-30851 Caddy forward_auth copy_headers Does Not Strip Client-Supplied Headers, Allowing Identity Injection and Privilege Escalation — caddyCWE-287 8.1 High2026-03-07
CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files — caddyCWE-200 9.1 -2026-03-07
CVE-2026-27590 Caddy: Unicode case-folding length expansion causes incorrect split_path index (SCRIPT_NAME/PATH_INFO confusion) in FastCGI transport — caddyCWE-20 9.8 -2026-02-24
CVE-2026-27589 Caddy vulnerable to cross-origin config application via local admin API /load (caddy) — caddyCWE-352 6.5 -2026-02-24
CVE-2026-27588 Caddy: MatchHost becomes case-sensitive for large host lists (>100), enabling host-based route/auth bypass — caddyCWE-178 9.1 -2026-02-24
CVE-2026-27587 Caddy: MatchPath %xx (escaped-path) branch skips case normalization, enabling path-based route/auth bypass — caddyCWE-178 9.1 -2026-02-24
CVE-2026-27586 Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed — caddyCWE-755 8.2 -2026-02-24
CVE-2026-27585 Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections — caddyCWE-20 9.1 -2026-02-24

本页汇总了 caddyserver 厂商截至目前公开的全部 8 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。