CVE-2026-32993
Severity CVSS v4.0:
Pending analysis
Type:
CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
Publication date:
13/05/2026
Last modified:
14/05/2026
Description
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.
Impact
Base Score 3.x
8.30
Severity 3.x
HIGH



