CVE-2026-32993

Severity CVSS v4.0:
Pending analysis
Type:
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
Publication date:
13/05/2026
Last modified:
14/05/2026

Description

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.