Fedora Caddy Security Updates Address Multiple CVEs

Fedora Caddy Security Updates Address Multiple CVEs

First seen 2 Jul 2026, 02:18 UTC Linuxsecurity 97% similarity 74.0
Share:

Article Content

Browse articles
ThreatCluster

On June 23, 2026, Fedora released critical security updates for Caddy, addressing 22 CVEs in Fedora 43 and 17 CVEs in Fedora 44. The vulnerabilities include privilege escalation, information disclosure, and denial of service. Key CVEs include CVE-2026-27585, CVE-2026-30851, and CVE-2026-40097, which affect both Caddy and its vendored libraries. The updates were backported from upstream fixes and involve updates to various dependencies. Users are advised to apply the updates using the 'dnf' package manager. The vulnerabilities could lead to significant security risks if left unpatched. The updates are crucial for maintaining the integrity and security of systems running Fedora with Caddy.

Key Points: • Fedora released updates for Caddy addressing 22 CVEs in version 43 and 17 in version 44. • Critical vulnerabilities include privilege escalation and denial of service risks. • Users should apply updates immediately using the 'dnf' package manager.

ThreatCluster AI

Timeline

2025-11-13
CVE-2025-47913 published
Vulnerability in Caddy's cryptography library disclosed, affecting multiple versions.
Linuxsecurity
2025-12-11
CVE-2025-64702 published
Vulnerability in Caddy's quic-go library disclosed, affecting versions prior to update.
Linuxsecurity
2025-12-17
CVE-2025-44005 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-19
CVE-2025-69725 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
Multiple CVEs published
CVE-2026-27585, CVE-2026-27586, CVE-2026-27587, and CVE-2026-27589 disclosed, affecting Caddy's functionality.
Linuxsecurity
2026-02-24
CVE-2026-27588 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-27590 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-27589 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-27587 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-27586 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE

Community

Browse all →