Vulnerability DatabaseCVE-2026-0865
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-0865
January 20, 2026
User-controlled header names and values containing newlines can allow injecting HTTP headers.
Related ResourcesĀ (15)
https://github.com/python/cpython/commit/22e4d55285cee52bc4dbe061324e5f30bd4dee58
https://github.com/python/cpython/commit/e4846a93ac07a8ae9aa18203af0dd13d6e7a6995
https://github.com/python/cpython/commit/8bb044d29310bb05d15086cdaa8bf64867d61a97
https://github.com/python/cpython/commit/66da7bf6fe7b81e3ecc9c0a25bd47d4616c8d1a6
https://github.com/python/cpython/commit/286e3ac39984fe85a17f4ab39c64d382137aae5f
https://github.com/python/cpython/commit/4802b96a2cde58570c24c13ef3289490980961c5
https://mail.python.org/archives/list/security-announce@python.org/thread/BJ6QPHNSHJTS3A7CFV6IBMCAP2DWRVNT/
https://github.com/python/cpython/commit/bfba660085767f8c2d582134e9d511a85eda04cf
https://github.com/python/cpython/issues/143916
https://github.com/python/cpython/commit/23e3c0ae867cca0130e441e776c9955b9027c510
https://github.com/python/cpython/pull/143917
https://github.com/python/cpython/commit/83ecd18779f286d872f68bfce175651e407d9fff
https://github.com/python/cpython/commit/f7fceed79ca1bceae8dbe5ba5bc8928564da7211
https://github.com/python/cpython/commit/2f840249550e082dc351743f474ba56da10478d2
https://github.com/python/cpython/commit/c592227ffb48679af9845a45dbb0875d975bb219
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
PRESENT
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
NONE
Weakness Type (CWE)
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-74
EPSS
Base Score:
0.13