Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-0672
CVE-2026-0672
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
Published Jan 22, 2026
https://github.com/python/cpython/issues/143919
CVSS Score
Medium
6.0
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
conan
cpython
2.7.18
conan
cpython
3.10.0
conan
cpython
3.10.14
conan
cpython
3.11.9
conan
cpython
3.12.2
conan
cpython
3.12.7
conan
cpython
3.7.12
conan
cpython
3.8.12
conan
cpython
3.8.19
conan
cpython
3.9.19
conan
cpython
3.9.7
conda
free/python
1.0.1
conda
free/python
2.6.8
conda
free/python
2.6.9
conda
free/python
2.7.10
conda
free/python
2.7.11
conda
free/python
2.7.12
conda
free/python
2.7.13
conda
free/python
2.7.3
conda
free/python
2.7.4
conda
free/python
2.7.5
conda
free/python
2.7.6
conda
free/python
2.7.7
conda
free/python
2.7.8
conda
free/python
2.7.9
conda
free/python
3.3.0
conda
free/python
3.3.1
conda
free/python
3.3.2
conda
free/python
3.3.3
conda
free/python
3.3.4
conda
free/python
3.3.5
conda
free/python
3.4.0
conda
free/python
3.4.1
conda
free/python
3.4.2
conda
free/python
3.4.3
conda
free/python
3.4.4
conda
free/python
3.4.5
conda
free/python
3.5.0
conda
free/python
3.5.0rc4
conda
free/python
3.5.1
conda
free/python
3.5.2
conda
free/python
3.5.3
conda
free/python
3.5.4
conda
free/python
3.6.0
conda
free/python
3.6.1
conda
free/python
3.6.2
conda
main/python
2.7.13
conda
main/python
2.7.14
conda
main/python
2.7.15
conda
main/python
2.7.16
1-50 of 656
CVE-2026-0672 | Components Impacted | Sonatype Guide | Sonatype Guide
