2488503 – CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all]

Bug 2488503 - CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificate validation failure [fedora-all]

Summary: CVE-2026-27586 caddy: Caddy: Authentication bypass via mTLS client certificat...

Keywords:
Status:	ASSIGNED
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	caddy
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Carl George 🤠
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	{"flaws": ["031d85e7-1f7e-40ef-a319-2...
Depends On:
Blocks:	CVE-2026-27586
TreeView+	depends on / blocked

Reported:	2026-06-12 19:32 UTC by Carl George 🤠
Modified:	2026-06-13 06:18 UTC (History)
CC List:	4 users (show)
Fixed In Version:	caddy-2.11.4-1.fc45
Clone Of:	2442430
Environment:
Last Closed:
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Carl George 🤠 2026-06-12 19:32:38 UTC

+++ This bug was initially created as a clone of Bug #2442430 +++

Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.

--- Additional comment from Jon Moroney on 2026-02-24 13:28:14 CST ---



--- Additional comment from Jon Moroney on 2026-02-24 13:28:20 CST ---



--- Additional comment from Jon Moroney on 2026-02-24 13:28:26 CST ---

Note You need to log in before you can comment on or make changes to this bug.