Mailman 3 [CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF - Security-announce - python.org

newer
Title: [CVE-2026-3446] Base64...

[CVE-2026-1502] HTTP client proxy tunnel headers not validated for CR/LF

older
[CVE-2026-5271] Python install...

Seth Larson

April 10, 2026

5:51 p.m.

There is a MEDIUM severity vulnerability affecting CPython.

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Please see the linked CVE ID for the latest information on affected versions:

Attachments:

attachment.html (text/html — 505 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

67

Age (days ago)

67

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Seth Larson