Description
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
Scores
CVSS v4
6.0
EPSS
0.0004
EPSS Percentile
13.4%
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-93
Status
published
Products (6)
Python Software Foundation/CPython
< 3.10.20
Python Software Foundation/CPython
3.11.0 - 3.11.15
Python Software Foundation/CPython
3.12.0 - 3.12.13
Python Software Foundation/CPython
3.13.0 - 3.13.12
Python Software Foundation/CPython
3.14.0 - 3.14.3
Python Software Foundation/CPython
3.15.0a1 - 3.15.0a6
Published
Jan 20, 2026
Tracked Since
Feb 18, 2026