CVE-2026-48861: Missing Http Method Validation Crlf
HTTP method is merged into the request serialization list without prior validation. An attacker can pass malicious methods containing CRLF sequences to inject HTTP headers or smuggle requests. Ensure the given method string is validated to contain only allowed characters before constructing the payload.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0elixir
greprules fetch cve-2026-48861-missing-http-method-validation-crlf --engine opengrepDescription
HTTP method is merged into the request serialization list without prior validation. An attacker can pass malicious methods containing CRLF sequences to inject HTTP headers or smuggle requests. Ensure the given method string is validated to contain only allowed characters before constructing the payload.
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.