CVE-2026-6874

Name of the Vulnerable Software and Affected Versions ericc-ch copilot-api versions prior to 0.7.1

Description An issue exists in the Header Handler component within the '/token' file. A remote attacker can manipulate the Host argument, leading to a reliance on reverse DNS resolution, which is the process of querying the Domain Name System to obtain the domain name associated with a given IP address.

Recommendations Update ericc-ch copilot-api to a version later than 0.7.0. As a temporary workaround, restrict access to the '/token' endpoint to minimize the risk of exploitation.