Lucene search
K

11 matches found

OSV
OSV
added 2026/05/19 7:35 p.m.5 views

GHSA-WWHQ-W58M-W29C Caddy CVE-2026-30852 Fix Bypass

TL;DR CVE-2026-30852 fixed double expansion in varsregexp when the variable key is a placeholder e.g. http.vars.x. The fix does NOT protect literal key names e.g. tenantid. An attacker injects env.AWSSECRETACCESSKEY or file./etc/passwd via a request header → Caddy expands it on the second pass →...

6.9CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/03/10 6:28 p.m.3 views

GO-2026-4644 Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy

Caddy's varsregexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References3
NVD
NVD
added 2026/03/07 5:15 p.m.6 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS0.00401EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/03/07 5:15 p.m.4 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS7AI score0.00401EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/07 4:28 p.m.32 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

6.9CVSS0.00401EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/07 4:28 p.m.0 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

6.9CVSS5.7AI score0.00401EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/07 4:28 p.m.4 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

6.9CVSS5.7AI score0.00401EPSS
Exploits1References4Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/07 4:28 p.m.1 views

CVE-2026-30852

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the...

7.5CVSS5.7AI score0.00401EPSS
Exploits1
Snyk
Snyk
added 2026/03/06 11:40 p.m.0 views

Header Injection

Overview Affected versions of this package are vulnerable to Header Injection in the varsregexp matcher. An attacker can access sensitive environment variables, file contents, or system information by injecting specially crafted placeholders such as env. or file. into HTTP request headers, which...

7.5CVSS5.8AI score0.00401EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 11:40 p.m.1 views

GHSA-M2W3-8F23-HXXF Caddy's vars_regexp double-expands user input, leaking env vars and files

Summary The varsregexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When varsregexp matches against a placeholder like http.request.header.X-Input, the header value gets resolved once expected, then passed through repl.ReplaceAll again the bug. This mean...

6.9CVSS5.8AI score0.00401EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.5 views

PT-2026-23797

Name of the Vulnerable Software and Affected Versions Caddy versions 2.7.5 through 2.11.2 Description The vars regexp matcher in Caddy double-expands user-controlled input through the Caddy replacer. When vars regexp matches a placeholder like http.request.header.X-Input, the header value is...

9.9CVSS5.8AI score0.22162EPSS
Exploits69References142
Rows per page
Query Builder