CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

107 vulnerabilities with CWE-93
CVE-2026-30227
MimeKit <4.15.1 - SMTP Command Injection
CVE-2026-29046
TinyWeb <2.04 - Command Injection
CVE-2026-28296 MEDIUM
GVfs FTP Backend - Command Injection
CVSS 4.3
CVE-2026-1714 HIGH
ShopLentor WooCommerce Builder - Email Relay Abuse
CVSS 8.6
CVE-2026-1536 MEDIUM
Libsoup - HTTP Header Injection
CVSS 5.8
CVE-2026-1467 MEDIUM
Libsoup - CRLF Injection
CVSS 5.8
CVE-2026-24489 MEDIUM
Gakido <0.1.1 - Command Injection
CVSS 5.3
CVE-2026-1299
Email module - Header Injection
CVE-2026-23953 HIGH
Incus <6.20.0 - Command Injection
CVSS 8.7
CVE-2026-0672
http - Cookie Injection
CVE-2025-15282
urllib < - SSRF
CVE-2025-11468
Email Client - Info Disclosure
CVE-2026-23829 MEDIUM
Mailpit <1.28.3 - Header Injection
CVSS 5.3
CVE-2026-22777 HIGH
ComfyUI-Manager <3.39.2, <4.0.5 - Code Injection
CVSS 7.5
CVE-2026-21428 HIGH
Yhirose Cpp-httplib < 0.30.0 - SSRF
CVSS 7.5
CVE-2022-50682 MEDIUM
Kentico Xperience - CRLF Injection
CVSS 6.5
CVE-2025-67735 MEDIUM
Netty <4.1.129.Final, <4.2.8.Final - Request Smuggling
CVSS 6.5
CVE-2025-14531 MEDIUM
code-projects Rental Management System 2.0 - CRLF Injection
CVSS 4.3
CVE-2025-54972 MEDIUM
Fortinet FortiMail <7.6.3 - CRLF Injection
CVSS 4.3
CVE-2025-59151 HIGH
Pi-hole Web Interface < 6.3 - XSS
CVSS 8.2
CVE-2025-56007 MEDIUM
KeeneticOS <4.3 - Command Injection
CVSS 6.5
CVE-2025-59419
Io.netty Netty-codec-smtp < 4.2.7.Final - Command Injection
CVE-2025-61884 HIGH KEV
Oracle Configurator < 12.2.14 - SSRF
CVSS 7.5
CVE-2025-28357 HIGH
Neto CMS <6.314.0 - Code Injection
CVSS 8.8
CVE-2025-57804
h2 <4.3.0 - Request Smuggling