PT-2026-7320 · Emmett · Emmett
Ryu-Geonwoo · Published 2026-02-10 · Updated 2026-02-11 · CVE-2026-25577
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Emmett versions prior to 1.3.11
Description
The cookies property in emmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. Cookies containing special characters such as /(){} are not handled gracefully and result in a server error. The vulnerable code is located in emmett_core/http/wrappers/__init__.py at line 64. The issue can lead to performance degradation and make the service difficult to use normally.
Recommendations
Update to Emmett version 1.3.11 or later.
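The failure mode in the description, shown as an added example that is not Emmett's code or its actual fix. It assumes the standard-library http.cookies parser, which is where CookieError is defined; the function names and sample headers are constructed for illustration.

```python
from http.cookies import CookieError, SimpleCookie

# Constructed sample Cookie headers (not taken from real traffic).
GOOD_HEADER = "session=abc123; theme=dark"
BAD_HEADER = "session=abc123; a(b)=1; theme=dark"  # illegal cookie name


def parse_unguarded(header: str) -> dict:
    """Pattern the advisory describes: CookieError escapes to the caller.

    Inside a request handler an uncaught exception like this becomes an
    HTTP 500 response.
    """
    jar = SimpleCookie()
    jar.load(header)  # raises CookieError on an illegal cookie name
    return {name: morsel.value for name, morsel in jar.items()}


def parse_guarded(header: str) -> dict:
    """Hardened variant: malformed pairs are dropped, valid ones survive."""
    try:
        # Fast path: a well-formed header parses exactly as before.
        return parse_unguarded(header)
    except CookieError:
        pass
    # Slow path: parse pair by pair and skip only the pairs that fail.
    # Splitting on ';' is a simplification that can lose quoted values
    # containing ';', which is acceptable once the header is known bad.
    cookies = {}
    for pair in header.split(";"):
        try:
            cookies.update(parse_unguarded(pair.strip()))
        except CookieError:
            continue
    return cookies


if __name__ == "__main__":
    for header in (GOOD_HEADER, BAD_HEADER):
        try:
            print("unguarded:", parse_unguarded(header))
        except CookieError as exc:
            print("unguarded raised:", exc)
        print("guarded:  ", parse_guarded(header))
```

For detection, a burst of 500 responses whose requests carry cookie names with characters such as /(){} is the signature to look for in access logs on versions prior to 1.3.11.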
Exploit
Fix
DoS
Improper Restriction of Excessive Authentication Attempts
Related Identifiers
Affected Products
Emmett