Known Vulnerabilities for Caddy by Caddyserver
Listed below are 5 of the newest known vulnerabilities associated with "Caddy" by "Caddyserver".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-52846 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function canno... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-52845 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, forward_auth copy_headers deletes the exact... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-52844 | Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, on Windows, Caddy path matchers treat /priv... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-45692 | Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /co... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2026-45135 | Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() ... | Not Provided | 2026-06-23 | 2026-06-23 |
| CVE-2023-49854 | Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce. This issue aff... | Not Provided | 2023-12-18 | 2026-04-28 |
| CVE-2022-34037 | An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to ca... | 7.5 - HIGH | 2022-07-22 | 2022-07-28 |
| CVE-2022-29718 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulne... | 6.1 - MEDIUM | 2022-06-02 | 2023-11-07 |
| CVE-2022-28923 | Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing... | 6.1 - MEDIUM | 2023-02-06 | 2023-02-14 |
| CVE-2018-21246 | Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of ... | 9.8 - CRITICAL | 2020-06-15 | 2020-06-26 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Caddyserver | Caddy | 0.9.5 | | | |
| Application | Caddyserver | Caddy | 0.9.4 | | | |
| Application | Caddyserver | Caddy | 0.9.3 | | | |
| Application | Caddyserver | Caddy | 0.9.2 | | | |
| Application | Caddyserver | Caddy | 0.9.1 | | | |
| Application | Caddyserver | Caddy | 0.9.0 | | | |
| Application | Caddyserver | Caddy | 0.8.3 | | | |
| Application | Caddyserver | Caddy | 0.8.2 | | | |
| Application | Caddyserver | Caddy | 0.8.1 | | | |
| Application | Caddyserver | Caddy | 0.8.0 | | | |
| Application | Caddyserver | Caddy | 0.7.6 | | | |
| Application | Caddyserver | Caddy | 0.7.5 | | | |
| Application | Caddyserver | Caddy | 0.7.4 | | | |
| Application | Caddyserver | Caddy | 0.7.3 | | | |
| Application | Caddyserver | Caddy | 0.7.2 | | | |
| Application | Caddyserver | Caddy | 0.7.1 | | | |
| Application | Caddyserver | Caddy | 0.7.0 | | | |
| Application | Caddyserver | Caddy | 0.6.0 | | | |
| Application | Caddyserver | Caddy | 0.5.1 | | | |
| Application | Caddyserver | Caddy | 0.5.0 | | | |