EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney
Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the gramma...