GHSA-HQ7V-MX3G-29HW
Vulnerability from github – Published: 2026-06-11 13:04 – Updated: 2026-06-11 13:04Impact
guzzlehttp/psr7 did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with GuzzleHttp\Psr7\Message::toString() or an equivalent custom serializer. Creating a Uri, Request, or other PSR-7 object alone is not sufficient. The malformed host must be copied into the serialized Host header without further validation.
A vulnerable flow is:
- An application accepts a user-controlled URL.
- The URL is used to construct a PSR-7
UriorRequest. - The host component contains CRLF or another header-unsafe character.
- The request is serialized into a raw HTTP/1.x message without an explicit
Hostheader. - The host is copied into the serialized
Hostheader. - The serialized request is written to the network or otherwise processed by software that does not independently reject the malformed host.
In that flow, an attacker can cause the serialized request to contain additional attacker-controlled header lines. For example, a host containing "\r\nX-Injected: yes" can cause the generated Host header to span multiple HTTP header lines.
This is not the normal request-sending path used by guzzlehttp/guzzle. Applications using guzzlehttp/psr7 only through Guzzle's standard HTTP client APIs are not expected to be affected. Applications are most likely to be affected when they manually serialize PSR-7 requests, forward raw HTTP messages, or use custom transports, proxying, crawling, webhook delivery, or similar request-dispatch code that serializes requests without independently validating URI hosts and header data. In deployments involving HTTP/1.1 connection reuse, proxies, gateways, or load balancers, this malformed serialized request may also contribute to request smuggling or cache poisoning, depending on how downstream components parse the request.
Patches
The issue is patched in 2.10.2 and later. 1.x is end-of-life and will not receive a patch.
Workarounds
If you cannot upgrade immediately, validate and reject all untrusted URI strings before constructing PSR-7 Uri or Request instances. Reject input containing ASCII control characters, whitespace, or DEL, including CRLF, tab, space, NUL, or DEL characters:
if (preg_match('/[\x00-\x20\x7F]/', $untrustedUrl)) {
throw new \InvalidArgumentException('Insecure URL detected');
}
Applications that manually serialize or forward requests should also ensure the final HTTP client, transport, or serializer rejects invalid URI and header data before writing requests to the network.
References
- https://www.rfc-editor.org/rfc/rfc9112.html#section-3.2
- https://www.rfc-editor.org/rfc/rfc9112.html#section-5
- https://www.rfc-editor.org/rfc/rfc9112.html#section-11.2
- https://www.rfc-editor.org/rfc/rfc9110.html#section-7.2
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "guzzlehttp/psr7"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.10.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-49214"
],
"database_specific": {
"cwe_ids": [
"CWE-113",
"CWE-20",
"CWE-93"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-11T13:04:47Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Impact\n\n`guzzlehttp/psr7` did not reject ASCII control characters, whitespace, or DEL in first-party URI host components. The issue requires a PSR-7 request to be serialized into a raw HTTP/1.x message, for example with `GuzzleHttp\\Psr7\\Message::toString()` or an equivalent custom serializer. Creating a `Uri`, `Request`, or other PSR-7 object alone is not sufficient. The malformed host must be copied into the serialized `Host` header without further validation.\n\nA vulnerable flow is:\n\n1. An application accepts a user-controlled URL.\n2. The URL is used to construct a PSR-7 `Uri` or `Request`.\n3. The host component contains CRLF or another header-unsafe character.\n4. The request is serialized into a raw HTTP/1.x message without an explicit `Host` header.\n5. The host is copied into the serialized `Host` header.\n6. The serialized request is written to the network or otherwise processed by software that does not independently reject the malformed host.\n\nIn that flow, an attacker can cause the serialized request to contain additional attacker-controlled header lines. For example, a host containing `\"\\r\\nX-Injected: yes\"` can cause the generated `Host` header to span multiple HTTP header lines.\n\nThis is not the normal request-sending path used by `guzzlehttp/guzzle`. Applications using `guzzlehttp/psr7` only through Guzzle\u0027s standard HTTP client APIs are not expected to be affected. Applications are most likely to be affected when they manually serialize PSR-7 requests, forward raw HTTP messages, or use custom transports, proxying, crawling, webhook delivery, or similar request-dispatch code that serializes requests without independently validating URI hosts and header data. In deployments involving HTTP/1.1 connection reuse, proxies, gateways, or load balancers, this malformed serialized request may also contribute to request smuggling or cache poisoning, depending on how downstream components parse the request.\n\n## Patches\n\nThe issue is patched in `2.10.2` and later. `1.x` is end-of-life and will not receive a patch.\n\n## Workarounds\n\nIf you cannot upgrade immediately, validate and reject all untrusted URI strings before constructing PSR-7 `Uri` or `Request` instances. Reject input containing ASCII control characters, whitespace, or DEL, including CRLF, tab, space, NUL, or DEL characters:\n\n```php\nif (preg_match(\u0027/[\\x00-\\x20\\x7F]/\u0027, $untrustedUrl)) {\n throw new \\InvalidArgumentException(\u0027Insecure URL detected\u0027);\n}\n```\n\nApplications that manually serialize or forward requests should also ensure the final HTTP client, transport, or serializer rejects invalid URI and header data before writing requests to the network.\n\n## References\n\n* https://www.rfc-editor.org/rfc/rfc9112.html#section-3.2\n* https://www.rfc-editor.org/rfc/rfc9112.html#section-5\n* https://www.rfc-editor.org/rfc/rfc9112.html#section-11.2\n* https://www.rfc-editor.org/rfc/rfc9110.html#section-7.2",
"id": "GHSA-hq7v-mx3g-29hw",
"modified": "2026-06-11T13:04:47Z",
"published": "2026-06-11T13:04:47Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/guzzle/psr7/security/advisories/GHSA-hq7v-mx3g-29hw"
},
{
"type": "PACKAGE",
"url": "https://github.com/guzzle/psr7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "guzzlehttp/psr7 has CRLF Injection via URI Host Component"
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.