Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | caddyserver/caddy/v2 | 2.7.5, 2.7.5 |
Timeline
- Mar 10, 2026 CVE Published
- Mar 23, 2026 CVE Updated
Caddy's vars_regexp double-expands user input, leaking env vars and files in github.com/caddyserver/caddy
| Vendor | Product | Versions |
|---|---|---|
| github.com | caddyserver/caddy/v2 | 2.7.5, 2.7.5 |