CVE-2026-9658
Severity:
Pending analysis
Type:
CWE-113
Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting)
Publication date:
28/05/2026
Last modified:
29/05/2026
Description
Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths.

The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example,

GET /path\r\nHTTP/1.1\r\nHost: secret.example.com

Note that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers.
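
A defensive check for the condition described above, as an added example that is not code from Plack::Middleware::Security::Common: it rejects a request when CR or LF appears in the path in raw, percent-encoded or double-encoded form. The helper names `pct_decode`, `has_crlf` and `block_crlf`, the three-round decoding limit and the sample paths are assumptions made for illustration.

```perl
#!/usr/bin/env perl
# Added example, not the module's own rule: block CR/LF in the request path
# at every decoding depth, in both the raw and the decoded PSGI values.
use strict;
use warnings;

# Decode %XX escapes once (hypothetical helper).
sub pct_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# True when the value contains CR or LF as-is or after up to $max_rounds
# rounds of percent-decoding (3 is an assumed limit).
sub has_crlf {
    my ($value, $max_rounds) = @_;
    $max_rounds //= 3;
    for (0 .. $max_rounds) {
        return 1 if $value =~ /[\r\n]/;
        my $next = pct_decode($value);
        last if $next eq $value;    # nothing left to decode
        $value = $next;
    }
    return 0;
}

# Wrap a PSGI app: REQUEST_URI is the raw target, PATH_INFO is already decoded.
sub block_crlf {
    my ($app) = @_;
    return sub {
        my ($env) = @_;
        for my $key (qw(REQUEST_URI PATH_INFO)) {
            next unless defined $env->{$key};
            return [ 400, [ 'Content-Type' => 'text/plain' ], ["Bad Request\n"] ]
              if has_crlf($env->{$key});
        }
        return $app->($env);
    };
}

# Constructed sample paths: clean, raw CRLF, encoded, double-encoded.
my $app = block_crlf(sub { [ 200, [ 'Content-Type' => 'text/plain' ], ["ok\n"] ] });
for my $path ("/path", "/path\r\nHost: secret.example.com",
              "/path%0d%0aHost:%20secret.example.com",
              "/path%250d%250aHost:%20secret.example.com") {
    my $res = $app->({ REQUEST_URI => $path, PATH_INFO => pct_decode($path) });
    (my $shown = $path) =~ s/\r/\\r/g;
    $shown =~ s/\n/\\n/g;
    printf "%-45s -> %d\n", $shown, $res->[0];
}
```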



