CVE-2026-0672
Lifecycle Timeline
3DescriptionCVE.org
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Analysis
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Technical ContextAI
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Affected ProductsAI
When using http.cookies.Morsel, user-controlled cookie values and parameters can
RemediationAI
Monitor vendor advisories for a patch.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today