CVE-2026-0672
EUVD-2026-352120.01.2026, 22:15
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Awaiting analysis
This vulnerability is currently awaiting analysis.
Vulnerability Media Exposure
References