MEDIUM
ashleysommer
CVE published 2026-06-05
CVE-2026-37737
CVE-2026-37737 is a MEDIUM severity vulnerability in sanic-cors version 2.2.0 and prior. The vulnerability is caused by an improper regular expression in the `try_match()` function in `sanic_cors/core.py` that uses `re.match` without end-anchoring. This allows an attacker to bypass CORS origin allowlists by registering a domain that begins with a trusted origin string, to gain unauthorized access to cross [truncated]