Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-9658
Received
More InfoOfficial Page
Source-9b29abf9-4ab0-4765-b253-1875cd9b441e
View Known Exploited Vulnerability (KEV) details
Published At-28 May, 2026 | 13:16
Updated At-28 May, 2026 | 13:16

Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET /path\r\nHTTP/1.1\r\nHost: secret.example.com Note that it is unclear whether request paths with CRLF followed by additional headers would be blocked by reverse proxies, or how they would be processed by Plack-based servers.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-113Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE-790Secondary9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-113
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE ID: CWE-790
Type: Secondary
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes9b29abf9-4ab0-4765-b253-1875cd9b441e
N/A
Hyperlink: https://metacpan.org/release/RRWO/Plack-Middleware-Security-Simple-v0.13.1/changes
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Resource: N/A
Change History
0Changes found
Details not found