VYPR
inside the generated script element. Mitigation base64-encodes the cookie value to disallow esc","datePublished":"2026-04-22T20:16:42.617Z","dateModified":"2026-05-28T19:15:28.54Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2026-6019","name":"CVE-2026-6019","identifier":"CVE-2026-6019","description":"http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6019"]},"keywords":"CVE-2026-6019, Medium, CWE-116, CWE-150, Python (programming language) Python, Python (programming language) Python","mentions":[{"@type":"SoftwareApplication","name":"Python","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Python (programming language)"}},{"@type":"SoftwareApplication","name":"Python","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Python (programming language)"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2026-6019","item":"https://portal.vyprsec.ai/cves/CVE-2026-6019"}]}]}
Medium severity6.1NVD Advisory· Published Apr 22, 2026· Updated May 28, 2026

CVE-2026-6019

CVE-2026-6019

Description

http.cookies.Morsel.js_output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

32

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.