CWE-93— CRLF Injection
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.— MITRE CWE catalog
161 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-93page 2 of 4
- CVE-2024-45597MEDIUMCVSS 5.3EG 5.32024-09-10
Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. Scripts passing user-controlled values to http.request header values are affected. An attacker could use this to send arbitrary requests, potentially leveraging au…
- CVE-2024-48867HIGHCVSS 7.5EG 7.52024-12-06
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We …
- CVE-2024-48868HIGHCVSS 7.5EG 7.52024-12-06
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We …
- CVE-2024-50405MEDIUMCVSS 5.5EG 5.52025-03-07
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator ac…
- CVE-2024-51501CRITICALCVSS 10.0EG 10.02024-11-04
Refit is an automatic type-safe REST library for .NET Core, Xamarin and .NET The various header-related Refit attributes (Header, HeaderCollection and Authorize) are vulnerable to CRLF injection. The way HTTP headers are added to a request…
- CVE-2024-5193MEDIUMCVSS 5.3EG 5.32024-05-22
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to crlf injection. It is possible to initiate…
- CVE-2024-51981MEDIUMCVSS 5.3EG 5.32025-06-25
An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages the WS-Addressing feature used during a WS-Event…
- CVE-2024-53693HIGHCVSS 7.1EG 7.12025-03-07
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to m…
- CVE-2024-7472MEDIUMCVSS 6.5EG 5.32024-10-29
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassi…
- CVE-2025-0293MEDIUMCVSS 6.6EG 6.62025-07-08
CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a protected configuration file on disk.
- CVE-2025-11468MEDIUMCVSS 5.7EG 5.72026-01-20
When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not s…
- CVE-2025-14531MEDIUMCVSS 4.3EG 4.32025-12-11
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initi…
- CVE-2025-15282MEDIUMCVSS 6.0EG 6.02026-01-20
User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.
- CVE-2025-25184MEDIUMCVSS 6.5EG 6.52025-02-12
Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.11, 3.0.12, and 3.1.10, Rack::CommonLogger can be exploited by crafting input that includes newline characters to manipulate log entries. The supplie…
- CVE-2025-27111HIGHCVSS 7.5EG 7.52025-03-04
Rack is a modular Ruby web server interface. The Rack::Sendfile middleware logs unsanitised header values from the X-Sendfile-Type header. An attacker can exploit this by injecting escape sequences (such as newline characters) into the hea…
- CVE-2025-28357HIGHCVSS 8.8EG 8.82025-10-01
A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.
- CVE-2025-40671CRITICALCVSS 9.3EG 9.32025-05-26
SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.
- CVE-2025-41376MEDIUMCVSS 5.3EG 5.32025-08-01
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0…
- CVE-2025-48388MEDIUMCVSS 6.5EG 6.52025-05-29
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an atta…
- CVE-2025-52479HIGHCVSS 7.7EG 7.72025-06-25
HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to version 1.10.17 allows the construction of URIs con…
- CVE-2025-53094HIGHCVSS 8.7EG 8.72025-06-27
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and …
- CVE-2025-54972MEDIUMCVSS 4.3EG 4.32025-11-18
An improper neutralization of crlf sequences ('crlf injection') vulnerability in Fortinet FortiMail 7.6.0 through 7.6.3, FortiMail 7.4.0 through 7.4.5, FortiMail 7.2 all versions, FortiMail 7.0 all versions may allow an attacker to inject …
- CVE-2025-56007MEDIUMCVSS 6.5EG 6.52025-10-23
CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.
- CVE-2025-57804MEDIUMCVSS 6.9EG 6.92025-08-25
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs w…
- CVE-2025-59151HIGHCVSS 8.2EG 8.22025-10-27
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When …
- CVE-2025-59419MEDIUMCVSS 5.5EG 5.52025-10-15
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Car…
- CVE-2025-6175HIGHCVSS 7.2EG 7.22025-07-29
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geodi: before GEODI Setup 9.0.146.
- CVE-2025-61884HIGHCVSS 7.5EG 9.0⚠ KEV2025-10-12
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
- CVE-2025-67735MEDIUMCVSS 6.5EG 6.52025-12-16
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a re…
- CVE-2025-8419MEDIUMCVSS 5.3EG 5.32025-08-06
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the em…
- CVE-2025-8715HIGHCVSS 8.8EG 8.82025-08-14
Improper neutralization of newlines in pg_dump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-comm…
- CVE-2026-0672MEDIUMCVSS 6.0EG 6.02026-01-20
When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.
- CVE-2026-11362CRITICALCVSS 9.8EG 9.82026-06-05
DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The format_event method (used by t…
- CVE-2026-11373CRITICALCVSS 9.1EG 9.12026-06-22
Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from metric names, allowing metric injecti…
- CVE-2026-12127MEDIUMCVSS 5.3EG 5.32026-07-01
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 1.10…
- CVE-2026-12143HIGHCVSS 7.5EG 7.52026-06-12
form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into the `Content-Disposition` header withou…
- CVE-2026-1299MEDIUMCVSS 6.0EG 6.02026-01-23
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using …
- CVE-2026-1467MEDIUMCVSS 5.8EG 6.12026-01-27
A flaw was found in libsoup, an HTTP client library. This vulnerability, known as CRLF (Carriage Return Line Feed) Injection, occurs when an HTTP proxy is configured and the library improperly handles URL-decoded input used to create the H…
- CVE-2026-1502MEDIUMCVSS 5.7EG 5.72026-04-10
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
- CVE-2026-1536MEDIUMCVSS 5.8EG 5.82026-01-28
A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header value. These sequences are then interpreted verbatim when the HTTP …
- CVE-2026-1714HIGHCVSS 8.6EG 8.62026-02-18
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. This is due to the lack of validation…
- CVE-2026-21428HIGHCVSS 7.5EG 7.52026-01-01
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to es…
- CVE-2026-22777HIGHCVSS 7.5EG 7.52026-01-10
ComfyUI-Manager is an extension designed to enhance the usability of ComfyUI. Prior to versions 3.39.2 and 4.0.5, an attacker can inject special characters into HTTP query parameters to add arbitrary configuration values to the config.ini …
- CVE-2026-23829MEDIUMCVSS 5.3EG 5.32026-01-19
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate `RCPT TO` and `MAIL FROM` addresses. An at…
- CVE-2026-23953HIGHCVSS 8.7EG 8.72026-01-22
Incus is a system container and virtual machine manager. In versions 6.20.0 and below, a user with the ability to launch a container with a custom YAML configuration (e.g a member of the ‘incus’ group) can create an environment variabl…
- CVE-2026-2400MEDIUMCVSS 4.3EG 4.32026-04-14
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.
- CVE-2026-2442MEDIUMCVSS 5.3EG 5.32026-03-28
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to, and including, 2.0.7. This is due to the contact form h…
- CVE-2026-24489MEDIUMCVSS 5.3EG 5.32026-01-27
Gakido is a Python HTTP client focused on browser impersonation and anti-bot evasion. A vulnerability was discovered in Gakido prior to version 0.1.1 that allowed HTTP header injection through CRLF (Carriage Return Line Feed) sequences in …
- CVE-2026-26962MEDIUMCVSS 4.8EG 4.82026-04-02
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the e…
- CVE-2026-2717MEDIUMCVSS 5.5EG 5.52026-04-22
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess…
Map vulnerabilities like CWE-93 to your infrastructure
EchelonGraph correlates every CVE — across CWE-93 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →