morgan HTTP Logger CRLF Injection (CVE-2026-5078): Log Injection via Basic Auth Username in Node.js Middleware
A CRLF injection vulnerability in the morgan HTTP request logger for Node.js, tracked as CVE-2026-5078, allows attackers to inject arbitrary log entries by supplying crafted … Read More