CVE-2026-1502 CR — Exploit & Vulnerability Details MEDIUM

CVE-2026-1502

MEDIUM CVSS 4.0: 5.7 EPSS 0.06%

Parameter	Value
CVSS	5.7 (MEDIUM)
Vendor	CR
Public PoC	No

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

Present

Additional conditions required

Privileges Required

High

Admin privileges needed

User Interaction

Passive

Minimal interaction

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v4.0

References 5

https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef…

cna@python.org

https://github.com/python/cpython/issues/146211

cna@python.org

https://github.com/python/cpython/pull/146212

cna@python.org

https://mail.python.org/archives/list/security-announce@python.org/thread/2IVPA…

cna@python.org

http://www.openwall.com/lists/oss-security/2026/04/11/4

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Menu

CVE-2026-1502

Attack Parameters

Impact Assessment

CVSS Vector v4.0

References 5

CVE Details

Editor's Choice

Menu

CVE-2026-1502

Attack Parameters

Impact Assessment

CVSS Vector v4.0

References 5

CVE Details

Editor's Choice

Stay informed on cybersecurity