CVE-2026-10836

Summary

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.

Affected Software

VendorProductVersion RangeStatus
Password ManagerPassword Manager0 < 08/07/2025affected
Password ManagerPassword Manager08/07/2025unaffected

Weaknesses

  • CWE-644: CWE-644 Improper neutralization of HTTP headers for scripting syntax

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References