CVE-2026-6874 | ericc-ch copilot-api up to 0.7.0 Header /token Host dns rebinding

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability categorized as problematic has been discovered in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution.

This vulnerability appears as CVE-2026-6874. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6874 | ericc-ch copilot-api up to 0.7.0 Header /token Host dns rebinding

Post correlati

CVE-2026-1699 | Eclipse Theia preview.yml pull_request_target inclusion of functionality from untrusted control sphere (Issue 332)

CVE-2024-12667 | InvoicePlane up to 1.6.1 /invoices/view session expiration

CVE-2025-0168 | code-projects Job Recruitment 1.0 _feedback_system.php person sql injection

CVE-2023-6891 | PeaZip 9.4.0 Library dragdropfilesdll.dll uncontrolled search path