Vulnerability-Lookup

CVE-2026-27586 (GCVE-0-2026-27586)

Vulnerability from cvelistv5 – Published: 2026-02-24 16:08 – Updated: 2026-02-24 16:08

Title

Caddy's mTLS client authentication silently fails open when CA certificate file is missing or malformed

Summary

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary. Any deployment using `trusted_ca_cert_file` or `trusted_ca_certs_pem_files` for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured. Version 2.11.1 fixes the vulnerability.

Severity ?

8.8 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-755 - Improper Handling of Exceptional Conditions

Assigner

GitHub_M

References

URL

Tags

	https://github.com/caddyserver/caddy/security/adv…	x_refsource_CONFIRM
	https://gist.github.com/moscowchill/9566c79c76c0b…	x_refsource_MISC
	https://github.com/caddyserver/caddy/releases/tag…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	caddyserver	caddy	Affected: < 2.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "product": "caddy",
          "vendor": "caddyserver",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary. Any deployment using `trusted_ca_cert_file` or `trusted_ca_certs_pem_files` for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured. Version 2.11.1 fixes the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T16:08:20.569Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7"
        },
        {
          "name": "https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48"
        },
        {
          "name": "https://github.com/caddyserver/caddy/releases/tag/v2.11.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.1"
        }
      ],
      "source": {
        "advisory": "GHSA-hffm-g8v7-wrv7",
        "discovery": "UNKNOWN"
      },
      "title": "Caddy\u0027s mTLS client authentication silently fails open when CA certificate file is missing or malformed"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27586",
    "datePublished": "2026-02-24T16:08:20.569Z",
    "dateReserved": "2026-02-20T17:40:28.450Z",
    "dateUpdated": "2026-02-24T16:08:20.569Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

FKIE_CVE-2026-27586

Vulnerability from fkie_nvd - Published: 2026-02-24 17:29 - Updated: 2026-02-24 17:29

Severity ?

8.8 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Summary

References

	URL	Tags
	security-advisories@github.com	https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48
	security-advisories@github.com	https://github.com/caddyserver/caddy/releases/tag/v2.11.1
	security-advisories@github.com	https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary. Any deployment using `trusted_ca_cert_file` or `trusted_ca_certs_pem_files` for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured. Version 2.11.1 fixes the vulnerability."
    }
  ],
  "id": "CVE-2026-27586",
  "lastModified": "2026-02-24T17:29:03.793",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "HIGH",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-24T17:29:03.793",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.1"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Received",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

GHSA-HFFM-G8V7-WRV7

Vulnerability from github – Published: 2026-02-24 20:22 – Updated: 2026-02-24 20:22

Summary

Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed

Details

Summary

Two swallowed errors in ClientAuthentication.provision() cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary.

Details

In modules/caddytls/connpolicy.go, the provision() method has two return nil statements that should be return err:

Bug #1 — line 787:

ders, err := convertPEMFilesToDER(fpath)
if err != nil {
    return nil  // BUG: should be "return err"
}

Bug #2 — line 800:

err := caPool.Provision(ctx)
if err != nil {
    return nil  // BUG: should be "return err"
}

Compare with line 811 which correctly returns the error:

caRaw, err := ctx.LoadModule(clientauth, "CARaw")
if err != nil {
    return err  // CORRECT
}

When the error is swallowed on line 787, the chain is:

TrustedCACerts remains empty (no DER data appended from the file)
The len(clientauth.TrustedCACerts) > 0 guard on line 794 is false — skipped
clientauth.CARaw is nil — line 806 returns nil
clientauth.ca remains nil — no CA pool was created
provision() returns nil — caller thinks provisioning succeeded

Then in ConfigureTLSConfig():

Active() returns true because TrustedCACertPEMFiles is non-empty
Default mode is set to RequireAndVerifyClientCert (line 860)
But clientauth.ca is nil, so cfg.ClientCAs is never set (line 867 skipped)
Go's crypto/tls with RequireAndVerifyClientCert + nil ClientCAs verifies client certs against the system root pool instead of the intended CA

The fix is changing return nil to return err on lines 787 and 800.

PoC

Configure Caddy with mTLS pointing to a nonexistent CA file:

{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [":443"],
                    "tls_connection_policies": [{
                        "client_authentication": {
                            "trusted_ca_certs_pem_files": ["/nonexistent/ca.pem"]
                        }
                    }]
                }
            }
        }
    }
}

Start Caddy — it starts without any error or warning.
Connect with any client certificate (even self-signed):

openssl s_client -connect localhost:443 -cert client.pem -key client-key.pem

The TLS handshake succeeds despite the certificate not being signed by the intended CA.

A full Go test that proves the bug end-to-end (including a successful TLS handshake with a random self-signed client cert) is here: https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48

Test output:

=== RUN   TestSwallowedErrorMTLSFailOpen
    BUG CONFIRMED: provision() swallowed the error from a nonexistent CA file.
    tls.Config has RequireAndVerifyClientCert but ClientCAs is nil.
    CRITICAL: TLS handshake succeeded with a self-signed client cert!
    The server accepted a client certificate NOT signed by the intended CA.
--- PASS: TestSwallowedErrorMTLSFailOpen (0.03s)

Impact

Any deployment using trusted_ca_cert_file or trusted_ca_certs_pem_files for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured.

Severity ?

8.8 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/caddyserver/caddy/v2/modules/caddytls"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-27586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-24T20:22:53Z",
    "nvd_published_at": "2026-02-24T17:29:03Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nTwo swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail open when a CA certificate file is missing, unreadable, or malformed. The server starts without error but accepts any client certificate signed by any system-trusted CA, completely bypassing the intended private CA trust boundary.\n\n### Details\n\nIn `modules/caddytls/connpolicy.go`, the `provision()` method has two `return nil` statements that should be `return err`:\n\n**Bug #1 \u2014 line 787:**\n```go\nders, err := convertPEMFilesToDER(fpath)\nif err != nil {\n    return nil  // BUG: should be \"return err\"\n}\n```\n\n**Bug #2 \u2014 line 800:**\n```go\nerr := caPool.Provision(ctx)\nif err != nil {\n    return nil  // BUG: should be \"return err\"\n}\n```\n\nCompare with line 811 which correctly returns the error:\n```go\ncaRaw, err := ctx.LoadModule(clientauth, \"CARaw\")\nif err != nil {\n    return err  // CORRECT\n}\n```\n\nWhen the error is swallowed on line 787, the chain is:\n\n1. `TrustedCACerts` remains empty (no DER data appended from the file)\n2. The `len(clientauth.TrustedCACerts) \u003e 0` guard on line 794 is false \u2014 skipped\n3. `clientauth.CARaw` is nil \u2014 line 806 returns nil\n4. `clientauth.ca` remains nil \u2014 no CA pool was created\n5. `provision()` returns nil \u2014 caller thinks provisioning succeeded\n\nThen in `ConfigureTLSConfig()`:\n\n6. `Active()` returns true because `TrustedCACertPEMFiles` is non-empty\n7. Default mode is set to `RequireAndVerifyClientCert` (line 860)\n8. But `clientauth.ca` is nil, so `cfg.ClientCAs` is never set (line 867 skipped)\n9. Go\u0027s `crypto/tls` with `RequireAndVerifyClientCert` + nil `ClientCAs` verifies client certs against the **system root pool** instead of the intended CA\n\nThe fix is changing `return nil` to `return err` on lines 787 and 800.\n\n### PoC\n\n1. Configure Caddy with mTLS pointing to a nonexistent CA file:\n\n```\n{\n    \"apps\": {\n        \"http\": {\n            \"servers\": {\n                \"srv0\": {\n                    \"listen\": [\":443\"],\n                    \"tls_connection_policies\": [{\n                        \"client_authentication\": {\n                            \"trusted_ca_certs_pem_files\": [\"/nonexistent/ca.pem\"]\n                        }\n                    }]\n                }\n            }\n        }\n    }\n}\n```\n\n2. Start Caddy \u2014 it starts without any error or warning.\n\n3. Connect with any client certificate (even self-signed):\n```bash\nopenssl s_client -connect localhost:443 -cert client.pem -key client-key.pem\n```\n\n4. The TLS handshake succeeds despite the certificate not being signed by the intended CA.\n\nA full Go test that proves the bug end-to-end (including a successful TLS handshake with a random self-signed client cert) is here: https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48\n\nTest output:\n```\n=== RUN   TestSwallowedErrorMTLSFailOpen\n    BUG CONFIRMED: provision() swallowed the error from a nonexistent CA file.\n    tls.Config has RequireAndVerifyClientCert but ClientCAs is nil.\n    CRITICAL: TLS handshake succeeded with a self-signed client cert!\n    The server accepted a client certificate NOT signed by the intended CA.\n--- PASS: TestSwallowedErrorMTLSFailOpen (0.03s)\n```\n\n### Impact\n\nAny deployment using `trusted_ca_cert_file` or `trusted_ca_certs_pem_files` for mTLS will silently degrade to accepting any system-trusted client certificate if the CA file becomes unavailable. This can happen due to a typo in the path, file rotation, corruption, or permission changes. The server gives no indication that mTLS is misconfigured.",
  "id": "GHSA-hffm-g8v7-wrv7",
  "modified": "2026-02-24T20:22:53Z",
  "published": "2026-02-24T20:22:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/caddyserver/caddy/security/advisories/GHSA-hffm-g8v7-wrv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27586"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caddyserver/caddy/commit/d42d39b4bc237c628f9a95363b28044cb7a7fe72"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/moscowchill/9566c79c76c0b64c57f8bd0716f97c48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/caddyserver/caddy"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caddyserver/caddy/releases/tag/v2.11.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Caddy: mTLS client authentication silently fails open when CA certificate file is missing or malformed"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-27586 (GCVE-0-2026-27586)

FKIE_CVE-2026-27586

GHSA-HFFM-G8V7-WRV7

Summary

Details

PoC

Impact

Tags

Sightings

Nomenclature