CVE-2026-0672

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
N/A
Affected
1
PROJECT

Description

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

python/cpython
python/cpython
The Python programming language
GitHubGitHub
73.4K