CVE-2026-30852
A flaw was found in Caddy, an extensible server platform. The varsregexp matcher in Caddy's HTTP module double-expands user-controlled input. A remote attacker can exploit this by injecting specific placeholders into request headers, leading to information disclosure. This allows the attacker to...