CVE-2026-25577 | THREATINT

Description

Emmett is a framework designed to simplify your development process. Prior to 1.3.11, the cookies property in mmett_core.http.wrappers.Request does not handle CookieError exceptions when parsing malformed Cookie headers. This allows unauthenticated attackers to trigger HTTP 500 errors and cause denial of service. This vulnerability is fixed in 1.3.11.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-10 | Updated 2026-02-11 | Assigner GitHub_M

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-248: Uncaught Exception

CWE-307: Improper Restriction of Excessive Authentication Attempts

Product status

< 1.3.11

affected

References

github.com/...k/core/security/advisories/GHSA-x6cr-mq53-cc76 exploit

github.com/...k/core/security/advisories/GHSA-x6cr-mq53-cc76

github.com/...ommit/9557ea23a27cbadf7774d8bca6bbe4b54fa8a3ec

cve.org (CVE-2026-25577)

nvd.nist.gov (CVE-2026-25577)

Download JSON