CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Exploits0References5Affected Software1

Vulnrichment•added 2026/06/02 2:15 p.m.•7 views

CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

CVE•added 2026/06/02 2:15 p.m.•9 views

CVE-2026-48861

The CVE describes a CRLF injection risk in elixir-mint Mint through the HTTP/1 request line construction. Specifically, encode_request_line/2 directly embeds caller-supplied method and target into the line, allowing an attacker to terminate the line and inject headers, enabling HTTP request split...

OSV•added 2026/06/02 2:15 p.m.•6 views

EEF-CVE-2026-48861 CRLF injection in HTTP/1 request line via unvalidated method in Mint

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In lib/mint/http1/request.ex, the encoderequestline/2 function splices the caller-supplied method and target arguments directly into the...

CNNVD•added 2026/06/02 12:0 a.m.•1 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...

2.1CVSS5.4AI score0.00166EPSS

RedhatCVE•added 2026/05/26 8:14 p.m.•10 views

CVE-2026-47075

Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar define...

7.5CVSS5.9AI score0.00394EPSS

Exploits1References1

ATTACKERKB•added 2026/05/25 2:0 p.m.•6 views

CVE-2026-47075

EUVD•added 2026/05/25 2:0 p.m.•11 views

Exploits1References5

EUVD-2026-31687

Vulnrichment•added 2026/05/25 2:0 p.m.•7 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

Cvelist•added 2026/05/25 2:0 p.m.•37 views

CVE-2026-47075 CR/LF injection in query parameter in hackney

6.8CVSS0.00394EPSS

CVE•added 2026/05/25 2:0 p.m.•21 views

CVE-2026-47075

CVE-2026-47075 describes a CRLF injection in Hackney’s URL query handling. Hackney does not percent-encode CR/LF characters in the query string before forming the HTTP/1.1 request target, allowing an attacker who controls the URL to inject raw CRLF sequences and potentially perform HTTP header in...

7.5CVSS5.9AI score0.00394EPSS

Exploits1References4Affected Software1

OSV•added 2026/05/25 2:0 p.m.•6 views

EEF-CVE-2026-47075 CR/LF injection in query parameter in hackney

Summary Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return \r or line feed \n characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the gramma...

Positive Technologies•added 2026/05/25 12:0 a.m.•11 views

PT-2026-43071

Name of the Vulnerable Software and Affected Versions hackney versions 0 through 4.0.0 Description Improper Neutralization of CRLF Sequences allows HTTP Request Splitting. The software fails to percent-encode carriage return r or line feed characters in the URL query component before constructing...

7.5CVSS5.9AI score0.00394EPSS

Exploits1References7

CNNVD•added 2026/05/25 12:0 a.m.•5 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in hackney versions prior to 2.0.0 through 4.0.1, which stems from a failure to strip CRLF sequences in WebSocket upgrade code, which could lead to HTTP request/response splitting...

7.5CVSS5.8AI score0.00482EPSS

Exploits1References5

CNNVD•added 2026/05/25 12:0 a.m.•6 views

Hackney 安全漏洞

Hackney is a program library from Hackney, Inc. A security vulnerability exists in Hackney versions 0 through prior to 4.0.1, which stems from a URL query component that does not percentile encode CRLF characters, potentially resulting in HTTP request splitting...

7.5CVSS5.8AI score0.00394EPSS

Exploits1References5

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в twisted

In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When a content-length and a chunked encoding header were provided, the content-length took precedence, and the remaining part of the request body was interpreted as a pipelined request...

9.8CVSS7.2AI score0.03298EPSS

Exploits1References2

RedhatCVE•added 2026/05/12 9:58 a.m.•30 views

CVE-2026-43969

A flaw was found in cowlib, a library used for handling HTTP cookies. An attacker can exploit this vulnerability by injecting special characters, such as carriage return CR and line feed LF, into cookie names or values due to improper input validation. This allows for HTTP request splitting,...

3.2CVSS5.9AI score0.00145EPSS

Exploits0References2

EUVD•added 2026/05/11 9:31 p.m.•36 views

EUVD-2026-29193

Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated cookie name and value fields. cowcookie:cookie/1 in cowlib builds a client-side Cookie: request header from a list of name-value pairs...

2.1CVSS6AI score0.00145EPSS