UBUNTU-CVE-2026-7010

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2026-7010

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-7010

Upstream

CVE-2026-7010

Published

2026-05-11T22:22:00Z

Modified

2026-05-26T19:29:39.593620644Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are the method and URI in the request line, the URL host that becomes the Host: header, and HTTP/1.1 control data field values. An attacker who controls one of these inputs, for example a user supplied URL passed to a webhook or URL fetch endpoint, can inject additional headers and smuggle requests to the upstream server.

References

Affected packages

Ubuntu:16.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.056-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.056-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:18.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.070-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.070-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:20.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.076-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.076-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:22.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.076-1

0.080-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.080-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:24.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.082-2

0.088-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.088-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:25.10

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=questing

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.090-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.090-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"

Ubuntu:26.04:LTS

libhttp-tiny-perl

Package

Name: libhttp-tiny-perl
Purl: pkg:deb/ubuntu/libhttp-tiny-perl?arch=source&distro=resolute

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.090-1

0.092-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libhttp-tiny-perl",
            "binary_version": "0.092-1"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-7010.json"