CVE-2026-35507

MEDIUM

Shynet <0.14.0 - Host Header Injection

Title source: llm
STIX 2.1

Description

Shynet before 0.14.0 allows Host header injection in the password reset flow.

Scores

CVSS v3 6.4
EPSS 0.0010
EPSS Percentile 1.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-348
Status published
Products (2)
milesmcc/Shynet < 0.14.0
shynet/shynet < 0.13.1
Published Apr 03, 2026
Tracked Since Apr 03, 2026