Improper HTTP Header Handling in Popular Web Application
CVE-2026-10836

5.1MEDIUM

Key Information:

Vendor: Password Manager
Status: Password Manager
Vendor: CVE Published:; 17 June 2026

🔔 Create Password Manager Vulnerability Alert

What is CVE-2026-10836?

This vulnerability involves the improper handling of HTTP headers, specifically allowing a remote attacker to manipulate the Host header through specially crafted requests. If exploited, it can generate deceptive links or responses. Such manipulations could lead to limited information disclosure or compromise the integrity of dependent services, posing a significant risk to both website operators and users.

Affected Version(s)

Password Manager 0 < 08/07/2025

Password Manager 08/07/2025

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

patch

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2026
Vulnerability Reserved
Jun 4, 2026

CVE-2026-10836 Data

JSON