ID

VAR-202602-3168


CVE

CVE-2026-27585


TITLE

Input validation vulnerability in Caddy from Light Code Labs

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161

DESCRIPTION

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in the file matcher does not sanitize backslashes, which can lead to bypassing path-related security protections. It affects users with specific Caddy and environment configurations. Version 2.11.1 fixes the issue. Some of the information handled by the software may be leaked to the outside, and some of it may be rewritten. The software will not stop, and attacks that exploit this vulnerability will not affect other software.

Trust: 1.62

sources: NVD: CVE-2026-27585 // JVNDB: JVNDB-2026-005161

AFFECTED PRODUCTS

vendor: caddyserver  model: caddy  scope: lt  version: 2.11.1

Trust: 1.0

vendor: light code  model: caddy  scope: eq  version: 2.11.1

Trust: 0.8

vendor: light code  model: caddy  scope: -  version: -

Trust: 0.8

vendor: light code  model: caddy  scope: eq  version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161 // NVD: CVE-2026-27585

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2026-27585
value: MEDIUM

Trust: 1.0

security-advisories@github.com: CVE-2026-27585
value: MEDIUM

Trust: 1.0

NVD: CVE-2026-27585
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2026-27585
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2026-27585
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161 // NVD: CVE-2026-27585 // NVD: CVE-2026-27585

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: Improper Input Validation (CWE-20) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161 // NVD: CVE-2026-27585

PATCH

title: Improper sanitization of glob characters in file matcher may lead to bypassing security protections (Advisory, caddyserver/caddy, GitHub)
url: https://github.com/caddyserver/caddy/security/advisories/GHSA-4xrr-hq4w-6vf4

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161

EXTERNAL IDS

db: NVD  id: CVE-2026-27585

Trust: 2.6

db: JVNDB  id: JVNDB-2026-005161

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161 // NVD: CVE-2026-27585

REFERENCES

url: https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#l398

Trust: 1.8

url: https://github.com/caddyserver/caddy/releases/tag/v2.11.1

Trust: 1.8

url: https://github.com/caddyserver/caddy/blob/68d50020eef0d4c3398b878f17c8092ca5b58ca0/modules/caddyhttp/fileserver/matcher.go#l361

Trust: 1.8

url: https://github.com/caddyserver/caddy/security/advisories/ghsa-4xrr-hq4w-6vf4

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-27585

Trust: 0.8

sources: JVNDB: JVNDB-2026-005161 // NVD: CVE-2026-27585

SOURCES

db: JVNDB  id: JVNDB-2026-005161
db: NVD  id: CVE-2026-27585

LAST UPDATE DATE

2026-03-03T23:27:02.870000+00:00


SOURCES UPDATE DATE

db: JVNDB  id: JVNDB-2026-005161  date: 2026-02-27T03:42:00
db: NVD  id: CVE-2026-27585  date: 2026-02-25T17:13:16.240

SOURCES RELEASE DATE

db: JVNDB  id: JVNDB-2026-005161  date: 2026-02-27T00:00:00
db: NVD  id: CVE-2026-27585  date: 2026-02-24T17:29:03.620