CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-54171

mediumCVSS 6.5covered by 1 sourcefirst seen 2026-07-10
Impact The redirect follower middleware previously failed to strip a number of headers that are known to be sensitive and did not provide a way to provide a custom list of headers to strip. _What kind of vulnerability is it? Who is impacted?_ This could cause inadvertent leakage of sensitive data for users of the RedirectFollower middleware in cases where the initial request includes header information that is not intended for the new target. Patches Patch exists and is released in v1.5.0 Workarounds Users can backport the fix to a custom redirect follower middleware.

⚡ Watch CVE-2026-54171

Get an email if CVE-2026-54171 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-54171

CVE.org record

Embed the live status

CVE-2026-54171 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-54171 status](https://www.csirts.com/badge/CVE-2026-54171)](https://www.csirts.com/cve/CVE-2026-54171)