MEDIUM
Mail
CVE published 2026-04-10
CVE-2026-1502
CVE-2026-1502 describes a CR/LF handling flaw where bytes were not rejected in HTTP client proxy tunnel headers or host values. In practical terms, that kind of validation gap can let attacker-controlled input alter outbound request formatting in proxy-related flows. The supplied references point to CPython fixes and a Python security announcement, while the NVD snapshot is still marked "Awaiting Analysis."