VDB
GO-2026-4539
GO-2026-4539
PUBLISHED
Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | caddyserver/caddy/v2 | 0, 0 |
Timeline
- Feb 26, 2026 CVE Published
- Feb 26, 2026 CVE Updated
References
- https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7 advisory
- https://github.com/caddyserver/caddy/commit/d42d39b4bc237c628f9a95363b28044cb7a7fe72 fix
- https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48 exploit
- https://github.com/caddyserver/caddy/releases/tag/v2.11.1 fix