What is the CVSS score of EUVD-2026-11701?

EUVD-2026-11701 has a CVSS 3.1 base score of 4.6 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. EPSS exploitation probability: 0.0%.

Which versions of Redis are affected by EUVD-2026-11701?

CVE-2026-1527 presents moderate security risk rated CVSS 4.6. Exploitation could compromise the security of affected deployments.. A patch is available.

Redis EUVD-2026-11701

| CVE-2026-1527 MEDIUM

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

2026-03-12 ce714d77-add3-4f53-aff5-83d477b104bb

GHSA-4992-7rv2-5pvq

Redis Code Injection Red Hat Elastic Suse

4.6

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 12, 2026 - 22:55 euvd

EUVD-2026-11701

Analysis Generated

Mar 12, 2026 - 22:55 vuln.today

CVE Published

Mar 12, 2026 - 21:16 nvd

MEDIUM 4.6

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

28 npm packages depend on undici (16 direct, 23 indirect)

Ecosystem-wide dependent count for version 7.0.0.

DescriptionNVD

ImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to:

Inject arbitrary HTTP headers
Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)

The vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:

// lib/dispatcher/client-h1.js:1121 if (upgrade) { header += connection: upgrade\r\nupgrade: ${upgrade}\r\n }

AnalysisAI

CRLF injection in undici's HTTP upgrade handling allows authenticated attackers to inject arbitrary headers and perform request smuggling attacks against backend services like Redis and Elasticsearch when user input is passed unsanitized to the upgrade option. The vulnerability stems from insufficient validation of the upgrade parameter before writing to the socket, enabling attackers to terminate HTTP requests prematurely and route malicious data to non-HTTP protocols. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory