All 5 CVE vulnerabilities found in bandit, with AI-generated Chinese analysis, references, and POCs.
Vendor: mtrudel

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-39805 | CL.CL HTTP request smuggling via duplicate Content-Length in bandit | CWE-444 | 9.1 | - | 2026-05-01 |
| CVE-2026-39804 | WebSocket permessage-deflate inflate has no output-size cap in bandit | CWE-770 | 7.5 | - | 2026-05-01 |
| CVE-2026-39807 | Client-supplied URI scheme trusted without transport verification in bandit | CWE-807 | 7.5 | - | 2026-05-01 |
| CVE-2026-42786 | WebSocket fragmented message reassembly unbounded in bandit | CWE-770 | 7.5 | - | 2026-05-01 |
| CVE-2026-42788 | HTTP/2 frame size limit checked after body is buffered in bandit | CWE-770 | 5.9 | - | 2026-05-01 |