Go modules package
github.com/caddyserver/caddy/v2/modules/caddyhttp
pkg:golang/github.com/caddyserver/caddy/v2/modules/caddyhttp
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-30852 | — | >= 2.7.5, < 2.11.2 | 2.11.2 | Mar 7, 2026 | Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request. |
- CVE-2026-30852Mar 7, 2026affected >= 2.7.5, < 2.11.2fixed 2.11.2
Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request.