CVE-2026-54163 secure_headers: CSP directive injection via sandbox, plugin_types, and report_to when given untrusted input
secureheaders manages application of security headers with many safe defaults. Prior to 7.3.0, secureheaders builds the Content-Security-Policy value by stitching directives with ; separators, and buildsandboxlistdirective, buildmediatypelistdirective, and buildreporttodirective interpolate...