Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-93

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

174 vulnerabilities with CWE-93

CVE-2026-12143 HIGH

form-data does not escape CR/LF/quote in multipart field names and filenames (CRLF injection)

CVE-2026-50629 MEDIUM

Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

CVE-2026-49214 MEDIUM

guzzlehttp/psr7 has CRLF Injection via URI Host Component

CVE-2026-50639 MEDIUM

Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections

CVE-2026-50638 CRITICAL

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections

CVE-2026-50637 HIGH

Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections

CVE-2026-49756 LOW

Multipart form-data header injection in Req via unescaped name/filename/content_type

CVE-2026-9270 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections

CVE-2026-11362 CRITICAL

DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags

CVE-2026-50292 HIGH

Freedesktop Libinput - Improper Neutralization of CRLF Sequences ('CRLF Injection')

CVE-2026-46741 HIGH

Etsy::StatsD versions through 1.002002 for Perl allow metric injections

CVE-2026-46739 MEDIUM

Net::Statsd versions before 0.13 for Perl allow metric injections

CVE-2026-8722 MEDIUM

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

CVE-2026-48861 LOW

CRLF injection in HTTP/1 request line via unvalidated method in Mint

CVE-2026-45372 CRITICAL

cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection

CVE-2026-49130 MEDIUM

Music Player Daemon < 0.24.11 CRLF Injection via XspfPlaylistPlugin.cxx

CVE-2026-46740 MEDIUM

Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections

CVE-2026-44214 MEDIUM

eventsource-encoder: SSE event injection via unsanitized event and id fields

CVE-2026-47075 HIGH

CR/LF injection in query parameter in hackney

CVE-2026-47072 HIGH

CRLF injection in WebSocket upgrade request in hackney

CVE-2026-47069 MEDIUM

CRLF injection in cookie domain/path options in hackney

CVE-2026-8788 HIGH

Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections

CVE-2026-46720 HIGH

Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections

CVE-2026-46719 MEDIUM

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections

CVE-2026-32993 HIGH

Webpros cPanel - Improper Neutralization of CRLF Sequences ('CRLF Injection')

Page 1 of 7 Next

Details

Vulnerabilities 174

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy