CVE-2026-6019
ADVISORY - nistSummary
http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.
EPSS Score: 0.00039 (0.117)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Neutralization of Escape, Meta, or Control Sequences
Docker
CREATED
UPDATED
ADVISORY ID
CVE-2026-6019
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| python | dhi | - | - | >=0 | Not yet available |
| alpine/python-3.10 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.11 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.12 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.13 | apk | alpine | 3.23 | >=0 | Not yet available |
| alpine/python-3.14 | apk | alpine | 3.23 | >=0 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-6019
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
2.1lowDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-6019
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-6019
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-