CVE-2026-0864

ADVISORY - docker

Summary

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and values if the attacker controls the written value.

EPSS Score⁠: 0.00128 (0.028)

Common Weakness Enumeration (CWE)

ADVISORY - redhat

CWE-93⁠

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.