Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-47069— CRLF injection in cookie domain/path options in hackney

AI Predicted 7.5 Difficulty: Moderate EPSS 0.02% · P6

Affected Version Matrix 2

VendorProductVersion RangeStatus
benoitchackney0.9.0< 4.0.1affected
602d5c7f2ea4acbc83ed75230655d935a0750ebc< 8e02b99c28aea1b3fa2ddc0e66f51fe5bb0ac540affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-47069

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
CRLF injection in cookie domain/path options in hackney
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validates the Name and Value arguments against CRLF and control characters, but concatenates the domain and path options verbatim into the output iolist with no equivalent check. An attacker who controls either option — for example by supplying a Host header value forwarded as the cookie domain, or a request path forwarded as the cookie path — can inject a literal CRLF sequence and arbitrary additional Set-Cookie headers into the HTTP response. This issue affects hackney: from 0.9.0 before 4.0.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Hackney 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Hackney是Hackney公司的一个程序库。 hackney 0.9.0至4.0.1之前版本存在安全漏洞,该漏洞源于cookie设置函数中domain和path选项未进行CRLF序列检查,可能导致HTTP响应拆分。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
benoitchackney 0.9.0 ~ 4.0.1 cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*
benoitchackney 602d5c7f2ea4acbc83ed75230655d935a0750ebc ~ 8e02b99c28aea1b3fa2ddc0e66f51fe5bb0ac540 cpe:2.3:a:benoitc:hackney:*:*:*:*:*:*:*:*

II. Public POCs for CVE-2026-47069

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-47069

登录查看更多情报信息。

Patches & Fixes for CVE-2026-47069 (1)

Vendor Advisories for CVE-2026-47069 (3)

Same Patch Batch · benoitc · 2026-05-25 · 10 CVEs total

CVE-2026-47070HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect ta
CVE-2026-47076SSRF allowlist bypass via percent-encoded host in hackney
CVE-2026-47073Unbounded memory consumption in WebSocket client in hackney
CVE-2026-47075CR/LF injection in query parameter in hackney
CVE-2026-47072CRLF injection in WebSocket upgrade request in hackney
CVE-2026-47077Unbounded body accumulation in HTTP/3 response loop in hackney
CVE-2026-47067Atom table exhaustion via unrecognized URL schemes in hackney
CVE-2026-47071SOCKS5 TLS upgrade ignores caller timeout in hackney
CVE-2026-47066Infinite loop in Alt-Svc header parser in hackney

IV. Related Vulnerabilities

Same product: hackney
Same vendor: benoitc
Same weakness: CWE-93

V. Comments for CVE-2026-47069

No comments yet

Leave a comment