
CVE-2026-47075: CR/LF injection in query parameter in hackney

AI-predicted score (no official CVSS published): 8.6 · Difficulty: Easy · EPSS: 0.02% · P6

Possible ATT&CK Techniques (1, AI-predicted)

T1100

Affected Version Matrix (2 entries)

Vendor    Product   Version Range                                                                                          Status
benoitc   hackney   < 4.0.1                                                                                                affected
benoitc   hackney   from commit 8bb1a359a81ae58567c84f8d24564e9742e6f2bd before commit ca73dd0aba0ed557449c18288bf07241671a43c9   affected

I. Basic Information for CVE-2026-47075

Vulnerability Information


Vulnerability Title
CR/LF injection in query parameter in hackney
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar defined in RFC 3986 Section 3.4 must be percent-encoded, but hackney_url:make_url/3 passes the query binary directly without validation or escaping. An attacker who can control all or part of a URL passed to hackney can inject raw CRLF sequences into the query string, which are then sent as HTTP line breaks in the request target. This enables injection of arbitrary HTTP headers or splitting of the HTTP request. This issue affects hackney: from 0 before 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Neutralization of CRLF Sequences (CRLF Injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hackney security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hackney is a library from the Hackney company. Hackney versions from 0 before 4.0.1 contain a security vulnerability that stems from the URL query component not percent-encoding CRLF characters, which may lead to HTTP request splitting.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
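
The NVD description above says the query binary reaches the request target without any percent-encoding, so a CR/LF inside it becomes an HTTP line break. The following Python is an added illustration of that bug class and is not hackney's Erlang source: `build_request_vulnerable` mirrors the flawed construction, `build_request_fixed` percent-encodes every character outside the RFC 3986 section 3.4 query grammar (the behaviour the description attributes to the fix), and `header_names` shows what a line-based server parser would see in each case. The host `example.test`, the payload, and all function names are constructed for the example; `has_raw_crlf` is a suggested pre-flight check for callers who cannot yet upgrade, not an API of hackney.

```python
"""
Added illustration of the CVE-2026-47075 bug class (not hackney's code).

Models an HTTP/1.1 client that splices a caller-supplied query string into
the request target.  All names, the host and the payload are hypothetical.
"""
import string

# RFC 3986 3.4: query = *( pchar / "/" / "?" )
# pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
_UNRESERVED = string.ascii_letters + string.digits + "-._~"
_SUB_DELIMS = "!$&'()*+,;="
QUERY_ALLOWED = frozenset(_UNRESERVED + _SUB_DELIMS + ":@/?")


def encode_query(query: str) -> str:
    """Percent-encode every character not permitted in a URI query.

    A well-formed %XX triplet already present is kept so that callers who
    pre-encoded their query are not double-encoded; a bare '%' is encoded.
    CR and LF are outside the grammar and therefore become %0D and %0A.
    """
    out = []
    i, n = 0, len(query)
    while i < n:
        ch = query[i]
        if ch == "%" and i + 2 < n and all(c in string.hexdigits for c in query[i + 1:i + 3]):
            out.append(query[i:i + 3])
            i += 3
            continue
        if ch in QUERY_ALLOWED:
            out.append(ch)
        else:
            out.extend("%%%02X" % b for b in ch.encode("utf-8"))
        i += 1
    return "".join(out)


def build_request_vulnerable(host: str, path: str, query: str) -> str:
    """Flawed construction: the query goes into the request target verbatim."""
    target = path + ("?" + query if query else "")
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def build_request_fixed(host: str, path: str, query: str) -> str:
    """Hardened construction: the query is encoded before it reaches the wire."""
    target = path + ("?" + encode_query(query) if query else "")
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def header_names(raw_request: str) -> list:
    """What a server's line-based parser would treat as header names."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    names = []
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, _ = line.partition(":")
        if sep:
            names.append(name.strip().lower())
    return names


def has_raw_crlf(url: str) -> bool:
    """Pre-flight check for callers on an unpatched client (hypothetical helper):
    refuse any URL that still carries a literal CR or LF before handing it over."""
    return "\r" in url or "\n" in url


# Constructed attacker-controlled query value.  The leading " HTTP/1.1" closes
# the request line so the injected header parses cleanly; the trailing
# "X-Pad:" absorbs the client's own " HTTP/1.1" suffix.
PAYLOAD = "q=1 HTTP/1.1\r\nX-Injected: yes\r\nX-Pad:"

if __name__ == "__main__":
    vuln = build_request_vulnerable("example.test", "/search", PAYLOAD)
    fixed = build_request_fixed("example.test", "/search", PAYLOAD)
    print(repr(vuln))
    print("vulnerable client, headers seen by server:", header_names(vuln))
    print(repr(fixed))
    print("fixed client, headers seen by server:     ", header_names(fixed))
    print("raw CR/LF present in URL?", has_raw_crlf("https://example.test/search?" + PAYLOAD))
```

With the vulnerable builder the server-side view gains two attacker-controlled header lines (`X-Injected`, `X-Pad`) ahead of `Host`; with the fixed builder the same payload stays inside the query as `%0D%0A` and only `Host` remains. The same approach covers request splitting (a second request line after a blank `\r\n\r\n`), since the encoder neutralises the CR/LF that both attacks depend on.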

Affected Products

Vendor    Product   Affected Versions                                                                                     CPE
benoitc   hackney   from 0 before 4.0.1                                                                                   cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
benoitc   hackney   from commit 8bb1a359a81ae58567c84f8d24564e9742e6f2bd before commit ca73dd0aba0ed557449c18288bf07241671a43c9   cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-47075

No public POC found.

III. Intelligence Information for CVE-2026-47075


Patches & Fixes for CVE-2026-47075 (1)

Vendor Advisories for CVE-2026-47075 (3)

Same Patch Batch · benoitc · 2026-05-25 · 10 CVEs total

CVE-2026-47070   HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect ta
CVE-2026-47069   CRLF injection in cookie domain/path options in hackney
CVE-2026-47076   SSRF allowlist bypass via percent-encoded host in hackney
CVE-2026-47073   Unbounded memory consumption in WebSocket client in hackney
CVE-2026-47072   CRLF injection in WebSocket upgrade request in hackney
CVE-2026-47077   Unbounded body accumulation in HTTP/3 response loop in hackney
CVE-2026-47067   Atom table exhaustion via unrecognized URL schemes in hackney
CVE-2026-47071   SOCKS5 TLS upgrade ignores caller timeout in hackney
CVE-2026-47066   Infinite loop in Alt-Svc header parser in hackney

IV. Related Vulnerabilities
