Sign In

CVE-2026-0865

ADVISORY - nist

Summary

User-controlled header names and values containing newlines can allow injecting HTTP headers.

EPSS Score: 0.00088 (0.254)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ADVISORY - redhat

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in