Mailman 3 Title: [CVE-2026-0865] wsgiref.headers.Headers allows header newline injection - Security-announce - python.org

newer
[CVE-2025-15282] Header injection...

Title: [CVE-2026-0865] wsgiref.headers.Headers allows header newline injection

older
[CVE-2025-11468] Folding email...

Seth Larson

Jan. 20, 2026

9:27 p.m.

There is a MEDIUM severity vulnerability affecting CPython.

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Please see the linked CVE ID for the latest information on affected versions:

https://www.cve.org/CVERecord?id=CVE-2026-0865 https://github.com/python/cpython/pull/143917

Attachments:

attachment.html (text/html — 491 bytes)

Reply

Sign in to reply online Use email software

Show replies by date

27

Age (days ago)

27

Last active (days ago)

Download

0 comments

1 participants

tags

participants (1)

Seth Larson