Vulnerabilities4 min read
Caddy Server Flaw Lets Users Impersonate Admins
CVE-2026-30851 in Caddy's forward_auth module enables identity injection and privilege escalation. Any valid user can impersonate administrators. Update to 2.11.2.
Marcus ChenMar 8, 2026