VYPR
Medium severityOSV Advisory· Published Jan 20, 2026· Updated Apr 15, 2026

CVE-2026-0672

CVE-2026-0672

Description

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

171

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.