By weakness (CWE)
CWE-790: related vulnerabilities
CVEs classified under CWE-790. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-9658HIGH 7.3
Plack::Middleware::Security::Common, a security middleware for Perl web applications, contains a flaw in how it filters HTTP header injection attacks when they appear in request paths. The middleware was designed to block header injections but only reliably caught attacks that were double-encoded. Single-encoded CRLF sequences (carriage return/line feed) embedded in request paths could slip through, potentially allowing attackers to inject malicious HTTP headers. The actual impact depends on how reverse proxies and the underlying Plack-based server process these malformed requests, which remains unclear in practice.