VYPR

CWE-93

Improper Neutralization of CRLF Sequences ('CRLF Injection')

BaseDraft

Description

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

Hierarchy (View 1000)

Parents

Children

Related attack patterns (CAPEC)

CAPEC-15 · CAPEC-81

CVEs mapped to this weakness (143)

page 6 of 8
  • CVE-2026-33635MedMar 26, 2026
    risk 0.21cvss 4.3epss 0.00

    iCalendar is a Ruby library for dealing with iCalendar files in the iCalendar format defined by RFC-5545. Starting in version 2.0.0 and prior to version 2.12.2, .ics serialization does not properly sanitize URI property values, enabling ICS injection through attacker-controlled…

  • CVE-2026-35601MedApr 10, 2026
    risk 0.20cvss 4.1epss 0.00

    Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT value escaping. User-controlled task titles containing CRLF characters break the…

  • CVE-2026-43968MedMay 11, 2026
    risk 0.19cvss 4.0epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal…

  • CVE-2026-43969LowMay 11, 2026
    risk 0.14cvss 3.2epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cow_cookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list…

  • CVE-2026-49756LowJun 8, 2026
    risk 0.07cvss epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode_form_part/2 in lib/req/utils.ex builds the per-part headers by interpolating the…

  • CVE-2026-48861LowJun 2, 2026
    risk 0.07cvss epss 0.00

    Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encode_request_line/2 function splices the caller-supplied method and target arguments…

  • CVE-2015-5285Oct 29, 2015
    risk 0.03cvss epss 0.06

    CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.

  • CVE-2026-50188Jun 18, 2026
    risk 0.00cvss epss

    ### TL;DR This vulnerability affects Kirby sites and plugins that use the `Kirby\Http\Remote` class (including `Remote::request()`, `Remote::get()`, `Remote::post()`, and similar helpers) to send outgoing HTTP requests and that pass untrusted, user-controlled data into the…

  • CVE-2026-50269lowJun 15, 2026
    risk 0.00cvss epss 0.00

    ### Summary Attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. ### Impact In the unlikely situation that an application is passing user-controlled strings into…

  • CVE-2026-28970Jun 12, 2026
    risk 0.00cvss epss 0.00

    Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is…

  • CVE-2026-47242Jun 9, 2026
    risk 0.00cvss epss 0.00

    ### Summary Two `Net::IMAP` commands, `#id` and `#enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and…

  • CVE-2026-47240Jun 9, 2026
    risk 0.00cvss epss 0.00

    Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing…

  • CVE-2026-33128Mar 20, 2026
    risk 0.00cvss epss 0.00

    H3 is a minimal H(TTP) framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage() and formatEventStreamComment(). An…

  • CVE-2026-1527Mar 12, 2026
    risk 0.00cvss epss 0.00

    ImpactWhen an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis,…

  • CVE-2026-30227Mar 6, 2026
    risk 0.00cvss epss 0.01

    MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed…

  • CVE-2026-23953Jan 22, 2026
    risk 0.00cvss epss 0.00

    Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variable containing newlines, which can be used…

  • CVE-2026-23829Jan 18, 2026
    risk 0.00cvss epss 0.01

    Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An attacker can inject arbitrary SMTP headers…

  • CVE-2026-22779Jan 14, 2026
    risk 0.00cvss epss 0.00

    BlackSheep is an asynchronous web framework to build event based web applications with Python. Prior to 2.4.6, the HTTP Client implementation in BlackSheep is vulnerable to CRLF injection. Missing headers validation makes it possible for an attacker to modify the HTTP requests…

  • CVE-2026-22777Jan 10, 2026
    risk 0.00cvss epss 0.00

    ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini file. This can lead to security setting…

  • CVE-2025-67735Dec 16, 2025
    risk 0.00cvss epss 0.00

    Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling…