CVE-2026-1502

UNKNOWN 0.0

HTTP client proxy tunnel headers not validated for CR/LF

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

7th

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Vendor	python software foundation
Product	cpython
Published	Apr 10, 2026
Last Updated	Jun 4, 2026

Stay Ahead of the Next One

Get instant alerts for python software foundation cpython

Be the first to know when new unknown vulnerabilities affecting python software foundation cpython are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Python Software Foundation / CPython

0 < 3.14.5rc1 3.15.0a1 < 3.15.0b1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/python/cpython/pull/146212 github.com: https://github.com/python/cpython/issues/146211 mail.python.org: https://mail.python.org/archives/list/[email protected]/thread/2IVPAEQWUJBCTQZEJEVTYCIKSMQPGRZ3/ github.com: https://github.com/python/cpython/commit/05ed7ce7ae9e17c23a04085b2539fe6d6d3cef69 github.com: https://github.com/python/cpython/commit/b1cf9016335cb637c5a425032e8274a224f4b2ed github.com: https://github.com/python/cpython/commit/9e071c9b28c17f347f81b388a003d4eeb3c7a8dd github.com: https://github.com/python/cpython/commit/c00c386faa579ad71196d33408644478488e43ec openwall.com: http://www.openwall.com/lists/oss-security/2026/04/11/4

Credits

🔍 senseicat Seth Larson