Emmett CVE-2026-25577
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 2 pypi packages depend on emmett-core (2 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.3.11.
DescriptionGitHub Advisory
Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.
AnalysisAI
Emmett is a framework designed to simplify your development process. versions up to 1.3.11 contains a vulnerability that allows attackers to trigger HTTP 500 errors and cause denial of service (CVSS 7.5).
Technical ContextAI
affects Emmett is a framework designed to simplify your development process.. Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.
Affected ProductsAI
Product: Emmett is a framework designed to simplify your development process.. Versions: up to 1.3.11.
RemediationAI
Fixed in version 1.3.11.. Restrict network access to the affected service where possible.
Same weakness CWE-248 – Uncaught Exception
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-x6cr-mq53-cc76