Medium6.5Red Hat & Ubuntu Linux Updated
Cookie injection via malicious HTTP server using super cookies
CVE-2026-8924 Published Jul 3, 2026Updated by vendor Jul 3, 2026
CVE-2026-8924
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
Cookie injection via malicious HTTP server using super cookies. Red Hat rates this moderate (CVSS 6.5). Weakness: CWE-565. Affected package(s): rust-main. Resolved in Red Hat advisory RHSA-2026:34975 — update the affected packages (`sudo dnf update`).
Affected versions
- rust-main-1.96.1-1.hum1
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Fixed versions
- RHSA-2026:34975
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Do not use trailing-dot hostnames in URLs passed to curl. Trailing dots are uncommon and incompatible with TLS SNI. Upgrade to curl 8.21.0 to resolve
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.