PT-2026-56500 · Guzzle · Psr7
Published
2026-07-08
·
Updated
2026-07-08
·
CVE-2026-59882
CVSS v3.1
4.2
Medium
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N |
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.3, Uri::assertValidHost() does not reject URI host components containing authority delimiters, embedded ports, or malformed IPv6 brackets, allowing Uri::getHost() to disagree with the URI authority used for security or routing decisions. This issue is fixed in version 2.12.3.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Psr7