6 matches found
CVE-2026-49756
Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encodeformpart/2 in lib/req/utils.ex builds the per-part headers by interpolating the caller-supplied name, filename, an...
UBUNTU-CVE-2026-41853
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
EUVD-2026-35342
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...
PT-2026-47664
Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description Spring MVC and WebFlux applications are...
Linux Distros Unpatched Vulnerability : CVE-2026-41853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 throug...
req 注入漏洞
“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.5.3 to 0.6.0 had an injection vulnerability. This vulnerability stemmed from improper neutralization of CRLF sequences, which could lead to multipart parameter smuggling through parts of the...