wsgiref.headers.Headers allows header newline injection in Python
Summary
wsgiref.headers.Headers allows header newline injection in Python. Red Hat rates this moderate (CVSS 4.5). Weakness: CWE-74. Affected package(s): python3.11, python3, rhui5/haproxy-rhel9:1779798164, rhui5/rhua-rhel9:1773670137, rhui5/rhua-rhel9:1779798222, python3.12. Resolved in Red Hat advisory RHSA-2026:2128 — update the affected packages (`sudo dnf update`).
- python3.11-0:3.11.7-1.el9_4.11
- python3-12-main-3.12.13-3.hum1
- python3.11-0:3.11.13-5.el8_10
- rhui5/haproxy-rhel9:1779798164
- rhui5/rhua-rhel9:1773670137
- rhui5/rhua-rhel9:1779798222
- python3.11-0:3.11.13-7.el9_8
- python3.12-0:3.12.12-3.el8_10
- python3.9-0:3.9.25-5.el9_8
- python3-14-main-3.14.4-1.hum1
- rhui5/cds-rhel9:1773670073
- rhui5/haproxy-rhel9:1773672059
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
- RHSA-2026:2128
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:2128 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 5 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.