What is CVE-2026-7010?

CVE-2026-7010 is a medium-severity vulnerability in Haarg Http::tiny, classified under HTTP Response Splitting. CVSS score: 6.5/10. Published 2026-05-11.

How severe is CVE-2026-7010?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Haarg Http::tiny

CVE-2026-7010

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the `Host:` header, and HTTP…

EPSS: 0.000 (11.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N.

Affected products

Haarg Http::tiny — versions 0

Weakness classification (CWE)

CWE-113 — HTTP Response Splitting

References

9b29abf9-4ab0-4765-b253-1875cd9b441e (patch)
9b29abf9-4ab0-4765-b253-1875cd9b441e (release-notes)
af854a3a-2127-422b-91ae-364da2661108

Frequently asked questions

What is CVE-2026-7010?: CVE-2026-7010 is a medium-severity vulnerability in Haarg Http::tiny, classified under HTTP Response Splitting. CVSS score: 6.5/10. Published 2026-05-11.
How severe is CVE-2026-7010?: Medium severity. CVSS v3 base score is 6.5 out of 10.