CVE-2026-10836

Description

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit could result in the generation of manipulated links or responses, potentially leading to limited information disclosure or compromising the integrity of dependent services.

References

• https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-password-manager