PT-2026-7320 · Emmett · Emmett

Ryu-Geonwoo · Published 2026-02-10 · Updated 2026-02-11 · CVE-2026-25577

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Emmett versions prior to 1.3.11

Description
The cookies property in emmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. A Cookie header containing special characters such as /(){} is not handled gracefully and results in a server error. The vulnerable code is located in emmett_core/http/wrappers/__init__.py at line 64. The issue can lead to performance degradation and make the service difficult to use normally.

Recommendations
Update to Emmett version 1.3.11 or later.
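
The failure mode in the description, reproduced as an added example (not Emmett's code and not its 1.3.11 fix). It assumes the Python standard-library http.cookies parser, where CookieError is defined; parse_unguarded, parse_guarded and handle are hypothetical names, and the guarded variant is one possible hardening.

```python
from http.cookies import CookieError, SimpleCookie


def parse_unguarded(header: str) -> SimpleCookie:
    """Failure mode from the description: CookieError reaches the caller."""
    jar = SimpleCookie()
    jar.load(header)  # raises CookieError on a key such as "a/b"
    return jar


def parse_guarded(header: str) -> SimpleCookie:
    """Assumed hardening: never raise, keep the pairs that do parse."""
    jar = SimpleCookie()
    try:
        jar.load(header)
        return jar
    except CookieError:
        pass
    # The failed load may have stored some pairs already, so start over and
    # load pair by pair. Splitting on ";" is a simplification: a quoted
    # value containing ";" would be cut, which only costs that one cookie.
    jar = SimpleCookie()
    for pair in header.split(";"):
        one = SimpleCookie()
        try:
            one.load(pair.strip())
        except CookieError:
            continue  # drop the malformed pair instead of failing the request
        jar.update(one)
    return jar


def handle(header: str, parser) -> tuple[int, list[str]]:
    """Stand-in for a framework's catch-all: unhandled exception -> HTTP 500."""
    try:
        return 200, sorted(parser(header))
    except Exception:
        return 500, []


# Constructed sample headers using the characters the advisory names.
SAMPLES = ["session=abc; a/b=1", "{x}=1; (y)=2", "session=abc; theme=dark"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(repr(h), handle(h, parse_unguarded), handle(h, parse_guarded))
```

For detection, a burst of HTTP 500 responses on requests whose Cookie header carries these characters in a cookie name is the signal to look for on unpatched versions.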

Exploit

Fix

DoS

Improper Restriction of Excessive Authentication Attempts

Weakness Enumeration

Related Identifiers

CVE-2026-25577
GHSA-X6CR-MQ53-CC76

Affected Products

Emmett