CVE 9.8 CRITICAL

CVE-2026-38967_CVE-2026-38967

June 3, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.

AI Analysis

Response header injection vulnerability via unvalidated response header values in CrowCpp Crow through v1.3.1

Basic Information

ID CVE-2026-38967

Source mitre

Published Jun 2, 2026 at 00:00

Modified Jun 3, 2026 at 16:06

Affected Product

Vendor CrowCpp

Product CrowCpp Crow

Version v1.3.1

Affected Versions n/a n/a n/a

CWE Classification

CWE-113

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor CrowCpp

Product CrowCpp Crow

Version v1.3.1

References

{
    "lastseen": "",
    "description": "CrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.",
    "published": "2026-06-02T00:00:00.000Z",
    "modified": "2026-06-03T16:06:06.706Z",
    "type": "cve",
    "title": "CVE-2026-38967",
    "source": "mitre",
    "references": "https://github.com/CrowCpp/Crow/issues/1165\nhttps://github.com/CrowCpp/Crow/pull/1167",
    "id": "CVE-2026-38967",
    "bulletinFamily": "",
    "cwe": [
        "CWE-113"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CrowCpp Crow",
    "version": "v1.3.1",
    "vendor": "CrowCpp",
    "ai_description": "Response header injection vulnerability via unvalidated response header values in CrowCpp Crow through v1.3.1",
    "ai_severity": "Critical",
    "ai_vendor": "CrowCpp",
    "ai_product": "CrowCpp Crow",
    "ai_version": "v1.3.1",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply