CVE-2026-0672

ADVISORY - nist

Summary

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

EPSS Score⁠: 0.00056 (0.176)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

ADVISORY - redhat

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Impacted images

Advisories

NIST

CREATED

7 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-93⁠

CVSS SCORE

6medium

Debian

CREATED

6 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Bitnami

CREATED

2 days ago

UPDATED

21 hours ago

ADVISORY ID

BIT-libpython-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

2 days ago

UPDATED

21 hours ago

ADVISORY ID

BIT-python-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Bitnami

CREATED

2 days ago

UPDATED

21 hours ago

ADVISORY ID

BIT-python-min-2026-0672

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6medium

Red Hat

CREATED

7 days ago

UPDATED

6 days ago

ADVISORY IDCVE-2026-0672⁠

EXPLOITABILITY SCORE

1.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-93⁠

CVSS SCORE

4.8medium