CVE-2026-0672

ADVISORY - nist

Summary

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

EPSS Score⁠: 0.00081 (0.240)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

ADVISORY - redhat

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Impacted images

Advisories

NIST

CREATED

18 days ago

UPDATED

12 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-93⁠

CVSS SCORE

6medium

Debian

CREATED

16 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

17 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

12 days ago

UPDATED

11 days ago

ADVISORY ID

BIT-libpython-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

12 days ago

UPDATED

11 days ago

ADVISORY ID

BIT-python-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

12 days ago

UPDATED

11 days ago

ADVISORY ID

BIT-python-min-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Red Hat

CREATED

18 days ago

UPDATED

16 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-93⁠

CVSS SCORE

4.8medium

Chainguard

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY ID

CGA-cp3f-r43j-qh98

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-7564-44pv-4cf3

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-c7gc-w8jf-rmw9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-r8mr-j8gq-j3f8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

3 days ago

UPDATED

3 days ago

ADVISORY ID

MINI-rm3w-554p-hc8m

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY