Ashley Sommer

2 exploits Active since Jun 2026
CVE-2026-37737 WRITEUP MEDIUM WRITEUP
sanic-cors <= 2.2.0 - CORS Origin Bypass via Improper Regular Expression
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain unauthorized access to cross-origin requests for authenticated resources.
CVSS 6.5
CVE-2026-37737 WRITEUP MEDIUM WRITEUP
sanic-cors <= 2.2.0 - CORS Origin Bypass via Improper Regular Expression
sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain unauthorized access to cross-origin requests for authenticated resources.
CVSS 6.5