Medium severity5.4NVD Advisory· Published Sep 29, 2023· Updated Jun 17, 2026
CVE-2023-26148
CVE-2023-26148
Description
All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- gist.github.com/dellalibera/65d136066fdd5ea4dddaadaa9b0ba90envdExploitThird Party Advisory
- security.snyk.io/vuln/SNYK-UNMANAGED-ITHEWEILIBHV-5730769nvdThird Party Advisory
News mentions
0No linked articles in our index yet.