PYSEC-2026-1058

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/uwsgi/PYSEC-2026-1058.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1058
Aliases
Published
2026-07-07T10:17:28.280695Z
Modified
2026-07-07T11:56:18.462638605Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
Details

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the client.

References

Affected packages

PyPI / uwsgi

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.22

Affected versions

1.*
1.4.9
1.4.10
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.17.1
1.9.18
1.9.18.1
1.9.18.2
1.9.19
1.9.20
1.9.21
1.9.21.1
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.5.1
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.11.1
2.0.11.2
2.0.12
2.0.13
2.0.13.1
2.0.14
2.0.15
2.0.16
2.0.17
2.0.17.1
2.0.18
2.0.19
2.0.19.1
2.0.20
2.0.21

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/uwsgi/PYSEC-2026-1058.yaml"