Medium4.8Vendor: LowRed Hat Linux Updated
CRLF injection in multipart headers
CVE-2026-50269 Published Jun 22, 2026Updated by vendor Jun 22, 2026
Affected products & platforms
Red Hat LinuxUnclassified
Summary
CRLF injection in multipart headers. Red Hat rates this low (CVSS 4.8). Weakness: CWE-93.
Affected versions
- < 3.14.0
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Sanitize any user-controlled input before passing it to aiohttp's `MultipartWriter.append(headers=...)` or `Payload.headers` methods. Ensure that CRLF characters (carriage return and line feed) are stripped or rejected from header values.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.