CVE Catalog

CVE-2026-1696

MediumCVSS 6.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.14%

4th percentile - higher than 4% of all known CVEs

Summary

The web server does not properly set some HTTP security headers in responses sent to client applications. This can weaken protection against attacks such as XSS, clickjacking, and other threats due to missing security headers.

Risk Assessment

Missing proper HTTP security headers increases the risk of successful attacks on client applications, such as script injection or session hijacking, potentially leading to data breaches and loss of user trust.

Recommendation

Update the web server to the latest version that includes a fix for properly setting HTTP security headers. Additionally, configure Web Application Firewall (WAF) rules to enforce the required headers.

Original NVD description (English source)

Some HTTP security headers are not properly set by the web server when sending responses to the client application.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS