CVE-2026-2717— HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values
Possible ATT&CK Techniques 1AI
T1505.003 · Web ShellGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-2717
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Headers <= 1.19.2 - Authenticated (Administrator+) CRLF Injection via Custom Header Values
Source: NVD (National Vulnerability Database)
Vulnerability Description
The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields before writing them to the Apache .htaccess file via `insert_with_markers()`. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary newline characters and additional Apache directives into the .htaccess configuration file via the 'Custom Headers' settings, leading to Apache configuration parse errors and potential site-wide denial of service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin HTTP Headers 注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin HTTP Headers 1.19.2及之前版本存在注入漏洞,该漏洞源于自定义标头名称和值字段在写入Apache .htaccess文件前清理不足,可能导致具有管理员及以上权限的认证攻击者注入任意换行符和Apache
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| zinoui | HTTP Headers | 0 ~ 1.19.2 | - |
II. Public POCs for CVE-2026-2717
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-2717
请登录查看更多情报信息。
Same Patch Batch · zinoui · 2026-04-22 · 3 CVEs total
| CVE-2026-4132 | 7.2 HIGH | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) External Control of File Name or P |
| CVE-2026-1379 | 4.4 MEDIUM | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'C |
IV. Related Vulnerabilities
Same product: HTTP Headers
- CVE-2026-4132
HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Exte - CVE-2026-1379
HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stor - CVE-2023-37978
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Se - CVE-2023-37874
WordPress HTTP Headers Plugin <= 1.18.11 is vulnerable to Cr - CVE-2023-1208
HTTP Headers < 1.18.11 - Admin+ Remote Code Execution
Same weakness: CWE-93
- CVE-2026-47072
CRLF injection in WebSocket upgrade request in hackney - CVE-2026-47075
CR/LF injection in query parameter in hackney - CVE-2026-47069
CRLF injection in cookie domain/path options in hackney - CVE-2026-8788
Net::Statsd::Lite versions through 0.10.0 for Perl allowed m - CVE-2026-46720
Net::Statsd::Tiny versions before 0.3.8 for Perl allowed met
V. Comments for CVE-2026-2717
No comments yet