Denial of Service Vulnerability in Emmett Framework Affecting Cookie Handling
CVE-2026-25577

7.5HIGH

Key Information:

Vendor: Emmett-framework
Status: Core
Vendor: CVE Published:; 10 February 2026

🔔 Create Emmett-framework Vulnerability Alert

What is CVE-2026-25577?

The Emmett Framework has a vulnerability in its cookie handling mechanism where the cookies property in mmett_core.http.wrappers.Request does not properly manage CookieError exceptions for malformed Cookie headers in versions prior to 1.3.11. This oversight allows unauthenticated attackers to exploit the issue, potentially triggering HTTP 500 errors, which leads to denial of service. The vulnerability has been addressed in version 1.3.11. For more details, refer to the official security advisory.

Affected Version(s)

core < 1.3.11

References

https://github.com/emmett-framework/core/security/advisor...

x_refsource_CONFIRM

https://github.com/emmett-framework/core/commit/9557ea23a...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Feb 3, 2026

CVE-2026-25577 Data

JSON