CVE-2026-27585 - Caddy's improper sanitization of glob characters in file matcher may lead to byp...

CVE ID : CVE-2026-27585 Published : Feb. 24, 2026, 5:29 p.m. | 1 hour, 3 minutes ago Description : Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead to bypassing path related security protections. It affects users with specific Caddy and environment configurations. Version 2.11.1 fixes the issue. Severity: 6.9 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...