PT-2026-44368 · Cpan · Plack::Middleware::Security::Common
Published: 2026-05-28 · Updated: 2026-05-29 · CVE-2026-9658
CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Plack::Middleware::Security::Common versions prior to 0.13.1
Description
The software fails to block header injections within request paths. The header injection rule is ineffective unless the injections are double-encoded, allowing Carriage Return and Line Feed (CRLF) characters to be present in the request path, which could potentially lead to the injection of additional HTTP headers.
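One way a path rule ends up firing only on double-encoded input, shown as an added example that is not the module's own code: PSGI servers URI-decode PATH_INFO before middleware runs, so a pattern written against the percent-encoded form never sees a singly encoded CRLF. The rule patterns, the helper names (`weak_check`, `strict_check`, `env_for`) and the sample request targets are assumptions constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumed shape of an ineffective rule (illustration only): it looks for the
# percent-encoded form, but PATH_INFO has already been decoded once, so a
# singly encoded CRLF has become raw bytes by the time the rule runs.
my $encoded_only = qr/%0[da]/i;

# Stricter check: raw CR/LF in the decoded path, or the encoded form
# (single or repeatedly encoded) anywhere in the undecoded REQUEST_URI.
my $raw_crlf     = qr/[\r\n]/;
my $encoded_crlf = qr/%(?:25)*0[da]/i;

sub weak_check {
    my ($env) = @_;
    return ($env->{PATH_INFO} // '') =~ $encoded_only ? 1 : 0;
}

sub strict_check {
    my ($env) = @_;
    return 1 if ($env->{PATH_INFO}   // '') =~ $raw_crlf;
    return 1 if ($env->{REQUEST_URI} // '') =~ $encoded_crlf;
    return 0;
}

# Build a PSGI-style env from a raw request target the way a server would:
# PATH_INFO is decoded once, REQUEST_URI is kept exactly as received.
sub env_for {
    my ($target) = @_;
    (my $path = $target) =~ s/\?.*//s;
    $path =~ s/%([0-9a-fA-F]{2})/chr(hex($1))/ge;
    return { REQUEST_URI => $target, PATH_INFO => $path };
}

# Constructed sample request targets (not taken from the advisory).
my @samples = (
    [ 'plain',          '/docs/index.html' ],
    [ 'single-encoded', '/docs%0d%0aX-Test:%201' ],
    [ 'double-encoded', '/docs%250d%250aX-Test:%201' ],
);

for my $s (@samples) {
    my ($name, $target) = @$s;
    my $env = env_for($target);
    printf "%-15s weak=%-5s strict=%s\n", $name,
        (weak_check($env)   ? 'block' : 'pass'),
        (strict_check($env) ? 'block' : 'pass');
}
```

The same three inputs make a compact regression test to run against a deployment after updating to 0.13.1 or later.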
Recommendations
Update to version 0.13.1 or later.
Affected Products
Plack::Middleware::Security::Common