CVE-2026-6019 in CPython

Summary

by MITRE • 22/04/2026

http.cookies.Morsel.js_output() returns an inline <script> snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence </script> inside the generated script element. The mitigation base64-encodes the cookie value to prevent escaping the script element via the cookie value.
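The difference between the two behaviours described above, as an added example (not CPython's code and not the actual patch). The functions escape_quotes_only, base64_wrapped and closes_early, the atob() wrapper and the sample cookie are assumptions made for illustration.

```python
import base64
import re
from http.cookies import SimpleCookie

# Constructed sample: a cookie value containing the sequence named in the advisory.
SAMPLE_VALUE = "a</script>b"

def make_morsel(value=SAMPLE_VALUE):
    cookie = SimpleCookie()
    cookie["pref"] = value
    return cookie["pref"]

def escape_quotes_only(morsel):
    """Model of the described behaviour: only '"' is escaped (hypothetical helper)."""
    body = morsel.OutputString().replace('"', r'\"')
    return '<script>document.cookie = "%s";</script>' % body

def base64_wrapped(morsel):
    """Hypothetical hardened form: the cookie string never appears literally."""
    raw = morsel.OutputString().encode("ascii")  # raises on non-ASCII input
    b64 = base64.b64encode(raw).decode("ascii")  # alphabet has no '<' or '"'
    return '<script>document.cookie = atob("%s");</script>' % b64

_END_TAG = re.compile(r"</script", re.IGNORECASE)

def closes_early(snippet):
    """True if an HTML parser would end the script element before its final tag."""
    hits = _END_TAG.findall(snippet)
    return len(hits) > 1 or not snippet.rstrip().endswith("</script>")

def installed_js_output_closes_early():
    """Run the same check against the interpreter executing this file."""
    return closes_early(make_morsel().js_output())

if __name__ == "__main__":
    m = make_morsel()
    print("quotes-only model closes early:", closes_early(escape_quotes_only(m)))
    print("base64 model closes early:     ", closes_early(base64_wrapped(m)))
    print("installed js_output() closes early:", installed_js_output_closes_early())
```

The last line of output depends on whether the running CPython includes the fix, so it is useful as a quick check of a deployed interpreter.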

Responsible

PSF

Reserved

09/04/2026

Disclosure

22/04/2026

Moderation

accepted

Entry

VDB-359054

CPE

ready

EPSS

0.00063

KEV

no

Activities

very low
