CVE-2026-34767
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N
Description
### Impact

Apps that register custom protocol handlers via `protocol.handle()` / `protocol.registerSchemesAsPrivileged()` or modify response headers via `webRequest.onHeadersReceived` may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or value. An attacker who can influence a header value may be able to inject additional response headers, affecting cookies, content security policy, or cross-origin access controls.

Apps that do not reflect external input into response headers are not affected.

### Workarounds

Validate or sanitize any untrusted input before including it in a response header name or value.

### Fixed Versions

* `41.0.3`
* `40.8.3`
* `39.8.3`
* `38.8.6`

### For more information

If there are any questions or comments about this advisory, send an email to [[email protected]](mailto:[email protected]).
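The workaround above is a validation step in the app, not a fix in Electron. As an added example (not code from the Electron project or from this advisory), the following Node.js snippet shows what that check looks like: header names must be RFC 7230 tokens and header values must not contain CR, LF, NUL or other control bytes, since those are what let one reflected value turn into a second header line. The `protocol.handle()` usage in the comment is a hypothetical sketch of where the check would sit; the validation functions themselves run under plain Node.js with constructed inputs.

```javascript
// Added example, not Electron project code: guard untrusted input before it
// becomes a response header name or value in a custom protocol handler.
// Only the validation logic runs here; the protocol.handle() usage further
// down is a hypothetical sketch shown in a comment.

// Header names must be RFC 7230 tokens: no spaces, colons or control bytes.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
// Header values: printable ASCII plus space and tab. CR, LF and NUL are the
// bytes that let one value spill over into an additional header line.
const VALUE_RE = /^[\t\x20-\x7e]*$/;

function isValidHeaderName(name) {
  return typeof name === 'string' && TOKEN_RE.test(name);
}

function isValidHeaderValue(value) {
  return typeof value === 'string' && VALUE_RE.test(value);
}

// Merge trusted default headers with candidates derived from untrusted input.
// A candidate whose name or value fails validation is dropped and recorded in
// `rejected` so the handler can log it, instead of being written through.
function buildResponseHeaders(defaults, untrusted) {
  const headers = { ...defaults };
  const rejected = [];
  for (const [name, value] of Object.entries(untrusted)) {
    if (!isValidHeaderName(name) || !isValidHeaderValue(value)) {
      rejected.push(name);
      continue;
    }
    headers[name] = value;
  }
  return { headers, rejected };
}

// Hypothetical placement inside an Electron protocol.handle() callback
// (constructed sketch; Electron is not required to run this file):
//
//   protocol.handle('app', (request) => {
//     const url = new URL(request.url);
//     const { headers, rejected } = buildResponseHeaders(
//       { 'Content-Type': 'text/plain' },
//       { 'X-Requested-Name': url.searchParams.get('name') ?? '' },
//     );
//     if (rejected.length) console.warn('dropped unsafe headers:', rejected);
//     return new Response('ok', { headers });
//   });

// Constructed inputs: one benign value, one value carrying a CRLF sequence
// that would otherwise begin a new Set-Cookie line, and one non-token name.
function demo() {
  return buildResponseHeaders(
    { 'Content-Type': 'text/plain' },
    {
      'X-Requested-Name': 'alice',
      'X-Reflected': 'value\r\nSet-Cookie: injected=1',
      'Bad Name': 'x',
    },
  );
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Dropping the offending candidate and recording it in `rejected` is deliberate: a handler that silently strips CR/LF still reflects attacker-shaped data, whereas a rejected-header log line is something detection can alert on. The check is cheap enough to apply to every header derived from request data, including ones produced in a `webRequest.onHeadersReceived` listener.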
Analysis
HTTP response header injection in Electron allows remote attackers to inject malicious headers via crafted input reflected in response headers when custom protocol handlers or webRequest.onHeadersReceived are used. An attacker can manipulate cookies, content security policy, or cross-origin access controls in affected applications. …
GHSA-4p4r-m79c-wq3v