Vulnerability in Python Software Foundation Cpython
CVE-2026-1502
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Vulnerability class: CRLF Injection
EPSS: 0.000 (6.9th percentile) — read the EPSS interpretation.
Affected products
- Python Software Foundation Cpython — versions 0, 3.15.0a1
Weakness classification (CWE)
References
- cna@python.org (patch)
- cna@python.org (issue-tracking)
- cna@python.org (vendor-advisory)
- cna@python.org (patch)
- cna@python.org (patch)
- af854a3a-2127-422b-91ae-364da2661108
- cna@python.org (patch)
- cna@python.org (patch)