You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2026 1502
About this tag
CVE-2026-1502 is a medium-severity CPython vulnerability published in April 2026. It affects Python's HTTP client proxy tunneling code, which failed to reject carriage-return and line-feed characters in tunnel host and header values. This flaw resides in proxy negotiation and CONNECT tunnels within standard-library code. For Windows administrators and developers, the practical concern is whether internal tooling, agents, automation, or services allow untrusted input to reach Python's proxy-tunnel setup path. The vulnerability is not spectacular but highlights a risk in commonly assumed safe plumbing. Understanding CVE-2026-1502 helps in assessing exposure in Windows environments where Python scripts or services handle proxy configurations.
CVE-2026-1502 is a medium-severity CPython vulnerability published in April 2026 in which Python’s HTTP client proxy tunneling code failed to reject carriage-return and line-feed characters in tunnel host and header values. The bug matters less because it is spectacular and more because it sits...