What is the CVSS score of CVE-2026-30852?

CVE-2026-30852 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Which versions of TLS are affected by CVE-2026-30852?

Caddy web server versions 2.7.5 through 2.11.1 contain a high-severity vulnerability allowing attackers to bypass security controls through input manipulation.. A patch is available.

Is there a public PoC exploit available for CVE-2026-30852?

Yes, a public proof-of-concept exploit is available for CVE-2026-30852. Prioritise patching immediately. EPSS: 0.0%.

TLS CVE-2026-30852

HIGH

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)

2026-03-07 security-advisories@github.com

GHSA-m2w3-8f23-hxxf

TLS Caddy Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Mar 11, 2026 - 13:01 vuln.today

Public exploit code

Patch released

Mar 11, 2026 - 13:01 nvd

Patch available

CVE Published

Mar 07, 2026 - 17:15 nvd

HIGH 7.5

DescriptionNVD

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like {http.request.header.X-Input}, the header value gets resolved once (expected), then passed through repl.ReplaceAll() again (the bug). This means an attacker can put {env.DATABASE_URL} or {file./etc/passwd} in a request header and the server will evaluate it, leaking environment variables, file contents, and system info. This issue has been patched in version 2.11.2.

AnalysisAI

{env.DATABASE_URL} or {file./etc/passwd} into request headers, an unauthenticated attacker can leak sensitive system information. Public exploit code exists for this vulnerability, which is fixed in version 2.11.2.

RemediationAI

Within 24 hours: Identify all Caddy deployments and document current versions. Within 7 days: Test and deploy Caddy 2.11.2 or later in a controlled environment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

Vendor StatusVendor

CVE-2026-30852 vulnerability details – vuln.today

Back

TLS CVE-2026-30852

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code