CVE-2026-6019

CVSS v4.0

2.1

Low

AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

http.cookies.Morsel.js output() returns an inline inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-150

Related Identifiers

CVE-2026-6019

Affected Products

Cpython

CVE-2026-6019

Weakness Enumeration

Related Identifiers

Affected Products

References · 5