CVE Watchtower β Back to CVE ListCVE-2026-38967NVDDescriptionCrowCpp Crow through v1.3.1 HTTP is vulnerable to response header injection via unvalidated response header values.Severity LevelCRITICAL (9.8)Published Date02/06/2026Last Modified03/06/2026Exploitation Status????Referenceshttps://github.com/CrowCpp/Crow/issues/1165https://github.com/CrowCpp/Crow/pull/1167