CVE-2026-1502

medium Red Hat
CVSS v3 Base Score
4.5
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 93% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Confidentiality
None
Integrity
High
Availability
None
Published: April 10, 2026 (91 days ago)
Last Modified: April 10, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Source: REDHAT

Description

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

CWE

CWE-93

Affected Products

Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Enterprise Linux AI (RHEL AI) 3Red Hat Enterprise Linux 10Red Hat Hardened ImagesRed Hat Update Infrastructure 5

Fix Status

✅ Fix Available

References