EXECUTIVE SUMMARY:
CVE-2026-46415, with a CVSS score of 8.2, is a vulnerability in the Caddy Defender package affecting versions prior to 0.10.1. The issue arises from Caddy Defender's failure to use the client IP address resolved by Caddy; instead it relies on the immediate peer's address when Caddy is deployed behind a trusted proxy. This allows clients from blocked IP ranges to bypass Defender's blocking policies when they reach Caddy through a trusted proxy whose own IP address is not blocked. An attacker can exploit this vulnerability by accessing Caddy through a trusted proxy from a blocked client IP, thereby bypassing Defender's blocking. Exploitation can result in significant business impact, including potential unauthorized access to sensitive data or systems. To exploit this vulnerability, an attacker requires access to the trusted proxy or a position to manipulate the proxy's configuration, allowing them to bypass Defender's blocking policies.
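The root cause is the difference between the immediate TCP peer (the proxy) and the client address a reverse proxy resolves for a request. The following Go program is an added example, not code from Caddy or the Caddy Defender project: it places the flawed decision (blocking on the peer address) beside the corrected one (blocking on the resolved client address) and runs both over constructed requests. The trusted proxy range 10.0.0.0/8, the blocked range 203.0.113.0/24 and the sample addresses are assumptions for illustration, and `resolveClientIP` is a simplified stand-in for the trusted-proxy handling a server such as Caddy performs with its `trusted_proxies` setting.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// Constructed policy for this example (assumed values, not from the advisory):
// 10.0.0.0/8 is the trusted reverse proxy, 203.0.113.0/24 is a blocked range.
var (
	trustedProxies = mustPrefixes("10.0.0.0/8")
	blockedRanges  = mustPrefixes("203.0.113.0/24")
)

func mustPrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

func inRanges(ip netip.Addr, ranges []netip.Prefix) bool {
	for _, p := range ranges {
		if p.Contains(ip) {
			return true
		}
	}
	return false
}

// peerIP is the immediate TCP peer, i.e. what r.RemoteAddr carries. Behind a
// proxy this is the proxy's address, never the real client's.
func peerIP(r *http.Request) (netip.Addr, error) {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return netip.Addr{}, err
	}
	return netip.ParseAddr(host)
}

// resolveClientIP is a simplified stand-in for a reverse proxy's trusted-proxy
// logic: X-Forwarded-For is honoured only when the peer is trusted, and the
// chain is walked right to left skipping trusted hops, so an untrusted peer
// cannot choose its own address by writing the header.
func resolveClientIP(r *http.Request) (netip.Addr, error) {
	peer, err := peerIP(r)
	if err != nil {
		return netip.Addr{}, err
	}
	if !inRanges(peer, trustedProxies) {
		return peer, nil
	}
	hops := strings.Split(r.Header.Get("X-Forwarded-For"), ",")
	for i := len(hops) - 1; i >= 0; i-- {
		ip, perr := netip.ParseAddr(strings.TrimSpace(hops[i]))
		if perr != nil {
			break // malformed or empty header: fall back to the peer
		}
		if !inRanges(ip, trustedProxies) {
			return ip, nil
		}
	}
	return peer, nil
}

// blockedByPeer reproduces the flawed decision: it consults only the peer.
func blockedByPeer(r *http.Request) bool {
	ip, err := peerIP(r)
	return err != nil || inRanges(ip, blockedRanges)
}

// blockedByClientIP is the corrected decision on the resolved client address.
func blockedByClientIP(r *http.Request) bool {
	ip, err := resolveClientIP(r)
	return err != nil || inRanges(ip, blockedRanges)
}

// newRequest builds a constructed request with the given peer and header.
func newRequest(remoteAddr, xff string) *http.Request {
	r, err := http.NewRequest(http.MethodGet, "http://example.invalid/", nil)
	if err != nil {
		panic(err)
	}
	r.RemoteAddr = remoteAddr
	if xff != "" {
		r.Header.Set("X-Forwarded-For", xff)
	}
	return r
}

func main() {
	for _, c := range []struct{ name, peer, xff string }{
		{"blocked client, direct", "203.0.113.7:4321", ""},
		{"blocked client via trusted proxy", "10.0.0.5:4321", "203.0.113.7"},
	} {
		r := newRequest(c.peer, c.xff)
		fmt.Printf("%-34s peer-based=%-5v client-ip-based=%v\n",
			c.name, blockedByPeer(r), blockedByClientIP(r))
	}
}
```

The second case is the advisory's scenario: the peer-based check sees only the trusted proxy's address and lets the request through, while the client-IP-based check blocks it. The same resolver also ignores the header when it arrives from an untrusted peer, which is why a blocking policy must be evaluated on the resolved client address rather than on either the raw peer or the raw header.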
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-3h23-rrpc-3p87