ID

VAR-202606-4388


CVE

CVE-2026-45692


TITLE

Multiple vulnerabilities in Light Code Labs' Caddy

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345

DESCRIPTION

Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on which object a path refers to: a path authorized for one config object is accepted, but then resolves to a different config object during traversal. This happens because the authorization layer uses string prefix matching, while the /config traversal layer parses array indices numerically using strconv.Atoi(). This vulnerability is fixed in 2.11.3.

Possible impacts:
- Some of the information handled by the software may be leaked to external parties.
- Some of the information handled by the software may be overwritten.
- The software will not stop

Trust: 1.62

sources: NVD: CVE-2026-45692 // JVNDB: JVNDB-2026-021345

AFFECTED PRODUCTS

vendor: caddyserver, model: caddy, scope: gte, version: 2.4.0

Trust: 1.0

vendor: caddyserver, model: caddy, scope: lt, version: 2.11.3

Trust: 1.0

vendor: light code, model: caddy, scope: -, version: -

Trust: 0.8

vendor: light code, model: caddy, scope: eq, version: 2.4.0 up to 2.11.3

Trust: 0.8

vendor: light code, model: caddy, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345 // NVD: CVE-2026-45692

CVSS

SEVERITY

CVSSV2

CVSSV3

security-advisories@github.com: CVE-2026-45692
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2026-45692
value: LOW

Trust: 1.0

NVD: CVE-2026-45692
value: LOW

Trust: 0.8

security-advisories@github.com: CVE-2026-45692
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2026-45692
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2026-45692
baseSeverity: LOW
baseScore: 3.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345 // NVD: CVE-2026-45692 // NVD: CVE-2026-45692

PROBLEMTYPE DATA

problemtype: CWE-187

Trust: 1.0

problemtype: CWE-863

Trust: 1.0

problemtype: Partial string comparison (CWE-187) [others]

Trust: 0.8

problemtype: Incorrect authorization (CWE-863) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345 // NVD: CVE-2026-45692

PATCH

title: Remote Admin Authorization Bypass in `/config` API via Array Index Normalization - Advisory - caddyserver/caddy - GitHub
url: https://github.com/caddyserver/caddy/security/advisories/GHSA-x5w9-xh9r-mvfc

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345

EXTERNAL IDS

db: NVD, id: CVE-2026-45692

Trust: 2.6

db: JVNDB, id: JVNDB-2026-021345

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345 // NVD: CVE-2026-45692

REFERENCES

url: https://github.com/caddyserver/caddy/security/advisories/ghsa-x5w9-xh9r-mvfc

Trust: 1.0

url: https://nvd.nist.gov/vuln/detail/cve-2026-45692

Trust: 0.8

sources: JVNDB: JVNDB-2026-021345 // NVD: CVE-2026-45692

SOURCES

db: JVNDB, id: JVNDB-2026-021345
db: NVD, id: CVE-2026-45692

LAST UPDATE DATE

2026-06-30T23:29:33.336000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2026-021345, date: 2026-06-29T02:17:00
db: NVD, id: CVE-2026-45692, date: 2026-06-26T19:16:40.643

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2026-021345, date: 2026-06-29T00:00:00
db: NVD, id: CVE-2026-45692, date: 2026-06-23T18:17:59.080