Vulnerability in Elixir-tesla Tesla

CVE-2026-48596

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_…

EPSS: 0.000 (6.2th percentile) — read the EPSS interpretation.

Affected products

Elixir-tesla Tesla — versions 0.8.0, 6ebfdb9abe9c6f119408045b933d82462decd351

Weakness classification (CWE)

CWE-113 — HTTP Response Splitting

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)