Bartosz Sławecki - Security Researcher - Exploit Intelligence Platform

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code

CVE-2026-0672 WRITEUP MEDIUM WRITEUP

http - Cookie Injection

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

View Code