Vulnerability Description
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Related Weaknesses (CWE)
References
- https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef6
- https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2e
- https://github.com/python/cpython/issues/146211
- https://github.com/python/cpython/pull/146212
- https://mail.python.org/archives/list/[email protected]/thread/2IVPAE
- http://www.openwall.com/lists/oss-security/2026/04/11/4
FAQ
What is CVE-2026-1502?
CVE-2026-1502 is a documented vulnerability. CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
How severe is CVE-2026-1502?
CVSS scoring is not yet available for CVE-2026-1502. Check NVD for updates.
Is there a patch for CVE-2026-1502?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.