Bug 2498161 (CVE-2026-59882)
| Summary: | CVE-2026-59882 guzzlehttp/psr7: guzzlehttp/psr7: URI host validation flaw can lead to security bypass or misrouting | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in guzzlehttp/psr7, a PHP library for HTTP messages. The Uri::assertValidHost() function fails to properly validate URI host components, allowing for the inclusion of authority delimiters, embedded ports, or malformed IPv6 brackets. This improper validation can lead to discrepancies between the URI host and the authority used for security or routing decisions, potentially enabling security bypasses or misrouting of requests.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2499191, 2499192, 2499193, 2499194 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-07-08 17:02:50 UTC
|