PatchSiren

HAARG CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH HAARG CVE published 2026-07-07

CVE-2026-7017

HTTP::Tiny versions before 0.095 for Perl contain a vulnerability that forwards credential headers to cross-origin redirect targets. When a server returns a 3xx redirect, the `_maybe_redirect` function follows the `Location:` header and `_prepare_headers_and_cb` re-merges the caller's `headers` argument into the new request without checking whether the redirect target shares an origin with the original UR [truncated]