Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-27586 is a vulnerability in the Caddy server's mutual TLS (mTLS) client authentication implementation. Specifically, in versions prior to 2.11.1, two errors in the ClientAuthentication.provision() method are silently ignored when the CA certificate file is missing, unreadable, or malformed. Instead of reporting these errors, the server proceeds without properly loading the intended private CA certificates."}, {'type': 'paragraph', 'content': 'As a result, the server starts normally but accepts any client certificate signed by any system-trusted Certificate Authority (CA), bypassing the intended private CA trust boundary. This means that deployments using custom trusted CA files for mTLS will unintentionally accept client certificates validated against the broader system root CA pool if the CA file is unavailable or corrupted.'}, {'type': 'paragraph', 'content': 'The server gives no indication that mTLS is misconfigured, causing a silent security degradation. This fail-open behavior undermines the security guarantees of mTLS by allowing unauthorized clients to authenticate successfully.'}] [1, 2]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can critically impact the security of any system using Caddy's mTLS with custom trusted CA certificate files. If the CA certificate file is missing, unreadable, or malformed due to reasons such as typos, file rotation, corruption, or permission changes, the server will silently accept any client certificate signed by any system-trusted CA."}, {'type': 'paragraph', 'content': 'This effectively widens the trust boundary beyond the intended private CA, allowing unauthorized clients to authenticate and potentially gain access to protected resources.'}, {'type': 'paragraph', 'content': 'Because the server does not report any error or warning, administrators may be unaware that the mTLS configuration has degraded, leading to a critical security bypass.'}] [1, 2]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by verifying whether the Caddy server is silently failing open in its mTLS client certificate authentication due to missing, unreadable, or malformed CA certificate files. Specifically, if the server is configured with trusted_ca_cert_file or trusted_ca_certs_pem_files but the CA file is missing or invalid, the server will accept any client certificate signed by any system-trusted CA instead of the intended private CA.

A practical detection method involves attempting a TLS handshake with a client certificate that is not signed by the intended private CA but is trusted by the system root CA pool. If the handshake succeeds, it indicates the vulnerability is present.

While no explicit commands are provided in the resources, the proof-of-concept test demonstrates using Go code to configure a TLS listener with the faulty ClientAuthentication and then performing a TLS handshake with a self-signed client certificate. This approach can be adapted to test your environment.

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade Caddy to version 2.11.1 or later, where the vulnerability is fixed by correcting the error handling in the ClientAuthentication.provision() method.

Until the upgrade is applied, ensure that the CA certificate files referenced by trusted_ca_cert_file or trusted_ca_certs_pem_files exist, are readable, correctly formatted, and have proper permissions to prevent the server from silently failing open.

Additionally, monitor the server logs and configuration to detect any changes or issues with the CA files, such as file rotations, typos in paths, or corruption, which could trigger the vulnerability.

Useful 0 Not Useful 0