FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF

Affected packages
0	<=	python310
0	<=	python311
0	<=	python312
0	<=	python313
		python314	<	3.14.4

Details

VuXML ID	30bda1c3-369b-11f1-b51c-6dd25bec137b
Discovery	2026-03-20
Entry	2026-04-12

Seth Larson reports:

HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF (CVE-2026-1502).

[source]

References

CVE Name	CVE-2026-1502
URL	https://github.com/python/cpython/issues/146211

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.