By vendor

Morgan_project vulnerabilities

Known CVEs affecting Morgan_project products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-5078MEDIUM 5.3

    Morgan, a popular Node.js HTTP request logging middleware, has a vulnerability in how it handles usernames from HTTP Basic authentication. When processing login attempts, the logging middleware extracts the username and writes it to application logs without sanitizing special control characters like line breaks. An attacker can craft a fake login attempt with hidden line-break characters embedded in the username field, causing the log entry to split across multiple lines and appearing to contain forged log records. This can deceive downstream systems that rely on logs for security monitoring or compliance auditing.