Caddy Security Risk Profile
Security Risk Score: 38/100 (low)
Comprehensive risk assessment based on 3 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
Data spans from October 10, 2023 to present
Total CVEs: 3
Critical+High: 1
Exploited: 0
Unpatched: 0
Threat Assessment
Avg CVSS (base severity): 8
Avg EPSS (exploit probability): 0%
Unpatched (Critical/High): 0
Risk Level: 38/100 (low)
Severity Distribution
Critical: 1
High: 0
Medium: 1
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 2
Age Distribution
Common Weaknesses (CWE)
1
Input Validation
1
Most Affected Products
1. Caddy Caddy: 3
2. caddyserver Caddy: 2
3. go/github.com/caddyserver/caddy/v2: 2
4. go/github.com/caddyserver/caddy/v2/modules/caddytls: 1
5. go/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver: 1
Recent Vulnerabilities
CVE-2026-27586
CVSS 9.1, EPSS 0%, critical
Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed
2/24/2026

CVE-2026-27585
CVSS 6.9, EPSS 0%, medium
Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections
2/24/2026

https://seclists.org/oss-sec/2023/q4/75
unknown
CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations
10/10/2023, No Patch