CVE-2026-32993

Published: Mag 14, 2026 Last Modified: Mag 14, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 8,3

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: low

Integrity: low

Availability: low

Description

AI Translation Available

Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity

Potential Impacts:

Modify Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://support.cpanel.net/hc/en-us/articles/40437313190295…

https://support.cpanel.net/hc/en-us/articles/40437313190295-Security-CVE-2026-3…

CVE-2026-32993

Description

Improper Neutralization of CRLF Sequences ('CRLF Injection')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter