2 matches found
CVE-2026-30852
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...
PT-2026-23797
Name of the Vulnerable Software and Affected Versions Caddy versions 2.7.5 through 2.11.2 Description The vars regexp matcher in Caddy double-expands user-controlled input through the Caddy replacer. When vars regexp matches a placeholder like http.request.header.X-Input, the header value is...