VDB

GO-2026-4644

GO-2026-4644 PUBLISHED

Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy

Affected Products

VendorProductVersions
github.comcaddyserver/caddy/v22.7.5, 2.7.5

Timeline

  • Mar 10, 2026 CVE Published
  • Mar 23, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›