CVE Disclosure

CVE-2026-8368

Perl LWP::UserAgent / HTTP::Tiny · Perl

Zero header strip on cross-host redirect

CVSS—

SeverityMedium

StatusNVD: RESERVED

Summary

CVE-2026-8368 is a medium-severity vulnerability affecting Perl LWP::UserAgent / HTTP::Tiny (Perl): Zero header strip on cross-host redirect.

References

NVD↗MITRE↗Vendor / Advisory↗PoC repo (if published)↗

Disclosure

Reported by Kai Aizen. Status: NVD: RESERVED. Coordinated through standard NVD/MITRE/GHSA channels.

disclosure contextall 30 cves →

all disclosures

30 published CVEs

GHSA disclosures →

4 coordinated advisories

Pen Testing →

same methodology, your stack

Author

Kai Aizen

Independent offensive security researcher. 30 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.

about services github x linkedin researchgate