927 matches found
CVE-2026-58213
NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...
CVE-2026-55427
Coder exposes SSH config injection risk via the config-ssh command: before 2.34.2, 2.33.8, 2.32.7, and 2.29.17, server-supplied values for HostnameSuffix and SSHConfigOptions could be written into ~/.ssh/config without rejecting newlines or restricting directives. This could enable a malicious or...
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
EUVD-2026-39533
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
CVE-2026-28898
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values :path, :authority, :scheme, :method, and :status at both the HPACK...
CVE-2026-28898
CVE-2026-28898 concerns swift-nio-http2, where the HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before translating to HTTP/1.1. The issue is addressed in swift-nio-http2 1.44.1, which adds validation for all pseudo-header values (:path, :authority, :scheme...
CVE-2026-54326
Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme could bypass th...
Oracle Linux 9 : openssh (ELSA-2026-19219)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19219 advisory. - CVE-2026-3497: Fix information disclosure or denial of service due to uninitialized variables in gssapi-keyex Resolves: RHEL-155825 - CVE-2025-61984...
CVE-2026-11373
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
EUVD-2026-38224
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injections. Values are not sanitised for newlines or other protocol...
PT-2026-51292
Name of the Vulnerable Software and Affected Versions Net::Statsite::Client versions prior to 1.1.1 Description Net::Statsite::Client, a client for the statsite protocol a variant of statsd, allows metric injections. This occurs because newlines are not removed from metric names, and values are n...
Astra Linux – Vulnerability in Subversion
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, resulting in disruptions for users of the repository. All versions of Subversion, including Subversi...
netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...
HTTP Request Smuggling
Netty is vulnerable to HTTP Request Smuggling. The vulnerability is due to HttpObjectDecoder improperly ignoring non-CRLF control characters before the request line, which allows an attacker to create request-boundary confusion between front-end and back-end components and potentially smuggle...
GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
EUVD-2026-36468
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted...
Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...
CVE-2026-50020
A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...
CVE-2026-54231
A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...
CVE-2026-50020 Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all...