CVE-2026-34767: Electron HTTP Header Injection Vuln <=38.8.6
Platform: nodejs
Component: electron
Fixed in: 38.8.6
CVE-2026-34767 describes an HTTP response header injection vulnerability affecting Electron applications. Specifically, apps using `protocol.handle()` or `webRequest.onHeadersReceived` are vulnerable if attacker-controlled input is reflected into response headers. Successful exploitation allows attackers to inject arbitrary headers, potentially modifying cookies, content security policy, or cross-origin access controls. This affects Electron versions up to and including 38.8.6. No official patch is currently available.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is CVE-2026-34767?
CVE-2026-34767 is an HTTP response header injection vulnerability in Electron applications that improperly handle user-controlled input in response headers.
Am I affected by CVE-2026-34767?
You are affected if your Electron application (version 38.8.6 or earlier) uses `protocol.handle()` or `webRequest.onHeadersReceived` and reflects external input into response headers.
How can I fix or mitigate CVE-2026-34767?
Currently, there is no official patch. Validate or sanitize any external input before reflecting it into response headers to prevent header injection.
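One way to implement the validation described above, as an added example that is not Electron's own code or an official fix. The helper names `checkHeader` and `buildSafeHeaders` are hypothetical and the sample header values are constructed; the check rejects header names that are not RFC 9110 tokens and values containing CR, LF, NUL or other control characters.

```javascript
// Added example: checkHeader / buildSafeHeaders are hypothetical helpers,
// not Electron APIs. Header names must be RFC 9110 tokens; values must not
// contain control characters (CR, LF, NUL, ...) that can end the header line.
const TOKEN_RE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const FORBIDDEN_VALUE_RE = /[\u0000-\u0008\u000A-\u001F\u007F]/; // tab is allowed

function checkHeader(name, value) {
  if (typeof name !== 'string' || !TOKEN_RE.test(name)) {
    throw new TypeError(`invalid header name: ${JSON.stringify(name)}`);
  }
  const text = String(value);
  if (FORBIDDEN_VALUE_RE.test(text)) {
    throw new TypeError(`control character in value of ${name}`);
  }
  return text;
}

// Validate a { name: value | value[] } map and return a checked copy.
// A failing entry rejects the whole set instead of being silently stripped,
// so the caller can log the event and return an error response.
function buildSafeHeaders(headers) {
  const out = {};
  for (const [name, raw] of Object.entries(headers)) {
    const values = Array.isArray(raw) ? raw : [raw];
    out[name] = values.map((v) => checkHeader(name, v));
  }
  return out;
}

// Constructed sample inputs: a benign value and one carrying CRLF.
const benign = { 'Content-Disposition': 'attachment; filename="report.pdf"' };
const hostile = { 'X-Requested-File': 'a.txt\r\nSet-Cookie: session=attacker' };

function demo() {
  return [benign, hostile].map((sample) => {
    try {
      buildSafeHeaders(sample);
      return 'accepted';
    } catch (err) {
      return 'rejected';
    }
  });
}

// In an Electron main process: run buildSafeHeaders() on the map passed to
// callback({ responseHeaders }) in webRequest.onHeadersReceived, and
// checkHeader() on each value placed in the Response from protocol.handle().
```

Rejecting the request outright, rather than stripping the offending bytes, keeps the failure visible in logs and avoids guessing at what the truncated value should have been.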