All 4 CVE vulnerabilities found in Flask, with AI-generated Chinese analysis, references, and POCs.
Vendor: The Pallets Project
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27205 | Flask session does not add `Vary: Cookie` header when accessed in some ways (CWE-524) | 7.5 (AI) | High (AI) | 2026-02-21 |
| CVE-2025-47278 | Flask uses fallback key instead of current signing key (CWE-683) | 7.5 (AI) | High (AI) | 2025-05-13 |
| CVE-2023-30861 | Flask vulnerable to possible disclosure of permanent session cookie due to missing `Vary: Cookie` header (CWE-539) | 7.5 | High | 2023-05-02 |
| CVE-2019-1010083 | Pallets Project Flask resource management error vulnerability | 7.5 | - | 2019-07-17 |