{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T06:29:22.815","vulnerabilities":[{"cve":{"id":"CVE-2026-27586","sourceIdentifier":"security-advisories@github.com","published":"2026-02-24T17:29:03.793","lastModified":"2026-02-25T17:14:19.867","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary. Any deployment using `trusted_ca_cert_file` or `trusted_ca_certs_pem_files` for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured. Version 2.11.1 fixes the vulnerability."},{"lang":"es","value":"Caddy es una plataforma de servidor extensible que usa TLS por defecto. Antes de la versión 2.11.1, dos errores silenciados en `ClientAuthentication.provision()` causan que la autenticación de certificados de cliente mTLS falle silenciosamente en modo abierto cuando un archivo de certificado de CA falta, es ilegible o está malformado. El servidor se inicia sin error pero acepta cualquier certificado de cliente firmado por cualquier CA de confianza del sistema, eludiendo completamente el límite de confianza de CA privada previsto. Cualquier despliegue que use `trusted_ca_cert_file` o `trusted_ca_certs_pem_files` para mTLS se degradará silenciosamente para aceptar cualquier certificado de cliente de confianza del sistema si el archivo de CA deja de estar disponible. Esto puede ocurrir debido a un error tipográfico en la ruta, rotación de archivos, corrupción o cambios de permisos. El servidor no da ninguna indicación de que mTLS está mal configurado. La versión 2.11.1 corrige la vulnerabilidad."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-755"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.1","matchCriteriaId":"9AD1B432-AFA3-4A05-A687-F6092CDB6498"}]}]}],"references":[{"url":"https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48","source":"security-advisories@github.com","tags":["Exploit"]},{"url":"https://github.com/caddyserver/caddy/releases/tag/v2.11.1","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}