CVE-2026-30852 | MEDIUM | ≥ 2.7.5, < 2.11.2 | 2026-03-06
CVE-2026-30852 [MEDIUM] CWE-200 Caddy's vars_regexp double-expands user input, leaking env vars and files
### Summary
The `vars_regexp` matcher in `vars.go:337` double-expands user-controlled input through the Caddy replacer. When `vars_regexp` matches against a placeholder like `{http.request.header.X-Input}`, the header value gets resolved once (expected), then passed through `repl.ReplaceAll()` again (the bug). This m
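The double-expansion pattern described above, next to the single-expansion form, as an added example that is not Caddy's code. `toyReplacer`, `doubleExpanded`, `singleExpanded`, `sample` and the `SAMPLE_SECRET` value are hypothetical names and constructed data, and the toy replacer only understands header and `env.` placeholders.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// toyReplacer is a simplified stand-in for a placeholder replacer, not Caddy's code.
type toyReplacer struct {
	headers map[string]string // request-controlled values (constructed sample)
	env     map[string]string // server-side values (constructed sample)
}

var token = regexp.MustCompile(`\{[^{}]+\}`) // matches one {placeholder}

// ReplaceAll expands every placeholder in s exactly once per call.
func (r toyReplacer) ReplaceAll(s string) string {
	return token.ReplaceAllStringFunc(s, func(t string) string {
		key := t[1 : len(t)-1]
		switch {
		case strings.HasPrefix(key, "http.request.header."):
			return r.headers[strings.TrimPrefix(key, "http.request.header.")]
		case strings.HasPrefix(key, "env."):
			return r.env[strings.TrimPrefix(key, "env.")]
		}
		return ""
	})
}

// doubleExpanded mirrors the flawed pattern: the resolved header value is expanded again.
func doubleExpanded(r toyReplacer, matcherKey string) string {
	return r.ReplaceAll(r.ReplaceAll(matcherKey))
}

// singleExpanded resolves the configured placeholder once and treats the result as data.
func singleExpanded(r toyReplacer, matcherKey string) string {
	return r.ReplaceAll(matcherKey)
}

func sample() toyReplacer {
	return toyReplacer{
		headers: map[string]string{"X-Input": "{env.SAMPLE_SECRET}"},
		env:     map[string]string{"SAMPLE_SECRET": "constructed-secret"},
	}
}

func main() {
	r, key := sample(), "{http.request.header.X-Input}"
	fmt.Printf("double=%q single=%q\n", doubleExpanded(r, key), singleExpanded(r, key))
}
```

A regression test for a fix can assert the single-expansion behaviour: placeholder syntax arriving in a request value must reach the regexp as literal text.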