CVE-2026-45135 - Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files
CVE ID :CVE-2026-45135 Published : June 23, 2026, 5:56 p.m. | 5 hours, 14 minutes ago Description :Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses...