Is daphne affected by CVE-2026-44546?

PyPI daphne is affected in <4.2.2.

Is CVE-2026-44546 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

← Toutes les vulnérabilités

MEDIUMSupply chain

CVE-2026-44546

Q: Is CVE-2026-44546 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.2%.

PyPI · daphne

Résumé

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines(). An

Références

https://github.com/django/daphne/blob/main/CHANGELOG.txt

Vulnérabilités liées

Tout Supply chain →

HIGHCVE-2026-52801
Gogs has the ability to import local repositories via Mirror Settings
HIGHCVE-2026-52800
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
HIGHCVE-2026-52799
Gogs Missing Authorization in Attachment Download
HIGHCVE-2026-52798
Gogs has Stored XSS in `.ipynb` Preview
MEDIUMCVE-2026-50179
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
HIGHCVE-2026-54353
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation