SecAlerts
CVE ListPricingSign Up
Caddy logo

Caddy

Security Risk Profile

38
/100
low

Security Risk Score

Comprehensive risk assessment based on 3 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from October 10, 2023 to present

3
Total CVEs
1
Critical+High
0
Exploited
0
Unpatched

Threat Assessment

Avg CVSS
8
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
38/100
low

Severity Distribution

Critical
1
High
0
Medium
1
Low
0

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
2

Age Distribution

Common Weaknesses (CWE)

1
Input Validation
1

Most Affected Products

1. Caddy Caddy3
2. caddyserver Caddy2
3. go/github.com/caddyserver/caddy/v22
4. go/github.com/caddyserver/caddy/v2/modules/caddytls1
5. go/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver1

Recent Vulnerabilities

See more →
CVE-2026-27586
CVSS 9.1EPSS 0%critical

Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

2/24/2026
CVE-2026-27585
CVSS 6.9EPSS 0%medium

Caddy's improper sanitization of glob characters in file matcher may lead to bypassing security protections

2/24/2026
https://seclists.org/oss-sec/2023/q4/75
unknown

CVE-2023-44487: HTTP/2 Rapid Reset attack against many implementations

10/10/2023🔧 No Patch

Monitor Caddy in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

Caddy Security Vulnerabilities & Risk Score | 3 CVEs | SecAlerts - SecAlerts