Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2026-3644

Опубликовано: 19 мар. 2026
Источник: msrc
EPSS Низкий

Описание

Incomplete control character validation in http.cookies

EPSS

Процентиль: 30%
0.00113
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-3644

ubuntu
10 дней назад

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

redhat логотип

CVE-2026-3644

CVSS3: 5.4
redhat
10 дней назад

A control character validation flaw has been discovered in the Python http.cookie module. The Morsel.update(), |= operator, and unpickling paths were not patched to resolve CVE-2026-0672, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

nvd логотип

CVE-2026-3644

nvd
10 дней назад

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

debian логотип

CVE-2026-3644

debian
10 дней назад

The fix for CVE-2026-0672, which rejected control characters in http.c ...

github логотип

GHSA-vf33-88pf-hwp3

github
10 дней назад

The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additionally, BaseCookie.js_output() lacked the output validation applied to BaseCookie.output().

EPSS

Процентиль: 30%
0.00113
Низкий