By weakness (CWE)
CWE-625: related vulnerabilities
CVEs classified under CWE-625. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-37737MEDIUM 6.5
A flaw in sanic-cors version 2.2.0 and earlier allows attackers to circumvent CORS (Cross-Origin Resource Sharing) origin restrictions. The vulnerability stems from improper validation of allowed origins: an attacker can register a domain name that starts with a trusted origin string to trick the library into allowing cross-origin requests that should have been blocked. For example, if a site trusts 'trusted.com', an attacker registering 'trusted.com.attacker.com' could bypass the allowlist. This exposes authenticated resources to unauthorized cross-origin access.