CVE-2026-1502

Summary

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Affected Software

VendorProductVersion RangeStatus
Python Software FoundationCPython0 < 3.13.14affected
Python Software FoundationCPython3.14.0a1 < 3.14.5rc1affected
Python Software FoundationCPython3.15.0a1 < 3.15.0b1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References