CVE-2026-38967
9.8 CRITICALCrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-113
Description
CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-43966 — Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HT...
- CVE-2026-48596 — Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows ...
- CVE-2026-38978 — transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths (5.3 MEDIUM)
- CVE-2026-47675 — Hono is a Web application framework that provides support for any JavaScript runtime (4.3 MEDIUM)
- CVE-2026-9658 — Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths (7.3 HIGH)