SecurityInfinity
ScannersCVE FeedPricingBug BountyTraining
Medium severity | CWE-93: CRLF Injection

CRLF Injection

Carriage Return Line Feed (CRLF) injection occurs when user-controlled input containing the characters \r (CR, 0x0D) and \n (LF, 0x0A) is written into a line-delimited protocol message without being neutralized. In HTTP the sink is usually a response header built from request data, for example a Location header set from a redirect parameter or a Set-Cookie value taken from a form field. Because CRLF terminates a header line, the attacker can end the current header and append headers of their own (set a cookie, change the redirect target, add caching or CORS headers). A second CRLF ends the header block entirely, so the attacker can also supply a response body; this is HTTP response splitting and typically results in reflected XSS in the origin of the vulnerable site. The same weakness applies to request headers emitted by a server-side HTTP client and to other line-oriented sinks such as SMTP commands or log files.

Common Payloads

The CR/LF pair is normally sent URL-encoded as %0D%0A (case does not matter) so that it survives the request line and is decoded by the server before it reaches the header. Each payload assumes the decoded value ends up in a response header such as Location.

%0D%0ASet-Cookie:securityinfinity=true
/%0d%0aLocation:https://google.com
/?%0d%0aHeader:Value
example.com/%0d%0a%0d%0a<script>alert(1)</script>

The first three terminate the current header and append one more (a cookie, a replacement redirect target, an arbitrary header). The last one uses two CRLF sequences: the first ends the Location header, the second ends the header block, so everything after it is delivered as the response body and the browser renders it.

How to Prevent?

  • Never place user-supplied data in a header by string concatenation or by writing to a raw socket; go through the framework's header API, which is where the validation lives.
  • Reject, or percent-encode, CR (%0D, \r) and LF (%0A, \n) in any value destined for a header. Apply the check to the decoded value, after URL decoding, because the payload arrives encoded and the server decodes it before use. Rejecting is the right choice for Location and other structured headers; encoding is acceptable for free-text values such as a cookie.
  • Prefer mature frameworks: Django, Werkzeug/Flask, Node's http module and Go's net/http all reject or neutralize CR/LF in header values. The bug survives where headers are assembled by hand, typically in custom servers, proxies, CGI scripts and hand-rolled HTTP clients.
  • Validate against the expected format rather than just blocking two characters: a redirect target should be a local path or match an allowlist of hosts (which also closes the open-redirect case in the second payload), and a cookie value should match the cookie-octet grammar.
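As an added example (not code from the SecurityInfinity page), the Python below assembles a redirect response the vulnerable way, parses the result as a browser would so the injected header or body is visible, and then shows the two hardened strategies from the list above: reject-and-validate for Location, and percent-encoding for free-text values. The hand-rolled response builder, the status line and the idea of a `next` redirect parameter are assumptions for illustration; the sample payloads are the page's, written in path form and decoded as the server would decode them.

```python
from urllib.parse import unquote

CRLF = "\r\n"

# Constructed sample: the page's payloads as they would arrive in a hypothetical
# `next` query parameter, before the server URL-decodes them.
SAMPLE_PAYLOADS = [
    "/%0d%0aSet-Cookie:securityinfinity=true",
    "/%0d%0aLocation:https://google.com",
    "/%0d%0a%0d%0a<script>alert(1)</script>",
]


class HeaderInjectionError(ValueError):
    """Raised when a header value contains a carriage return or line feed."""


def assemble_response(status_line: str, headers: list[tuple[str, str]], body: bytes = b"") -> bytes:
    """Serialise an HTTP/1.1 response by plain string concatenation.

    This is the sink: nothing here neutralises CR/LF, so a header value that
    contains "\\r\\n" ends its line early and the remainder is parsed as new
    header(s) or, after a blank line, as the response body.
    """
    head = status_line + CRLF + "".join(f"{name}: {value}{CRLF}" for name, value in headers) + CRLF
    return head.encode("latin-1") + body


def build_redirect_vulnerable(target: str) -> bytes:
    """302 redirect whose Location comes straight from user input (the vulnerable pattern)."""
    return assemble_response("HTTP/1.1 302 Found", [("Location", target), ("Content-Length", "0")])


def parse_response(raw: bytes) -> tuple[dict[str, str], bytes]:
    """Minimal client-side parser: what a browser would see as headers and body.

    Later duplicates overwrite earlier ones, which is why an injected second
    Location header wins over the legitimate one.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split(CRLF)
    headers: dict[str, str] = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def has_crlf(value: str) -> bool:
    """True if the value contains a line terminator that a header parser would honour."""
    return "\r" in value or "\n" in value


def build_redirect_hardened(target: str) -> bytes:
    """Validate-then-emit variant for Location.

    Rejecting is correct here: a CR/LF can never be part of a legitimate redirect
    target. Restricting to a local absolute path (and refusing "//host") also
    closes the open-redirect hole the page's second payload relies on.
    """
    if has_crlf(target):
        raise HeaderInjectionError("CR/LF in redirect target")
    if not target.startswith("/") or target.startswith("//"):
        raise ValueError("redirect target must be a local absolute path")
    return assemble_response("HTTP/1.1 302 Found", [("Location", target), ("Content-Length", "0")])


def encode_header_value(value: str) -> str:
    """Encode-instead-of-reject variant for free-text header values (e.g. a cookie).

    Percent-encodes CR, LF and every other C0 control character (plus DEL) so the
    value cannot terminate the header line; printable characters pass through.
    """
    return "".join(f"%{ord(ch):02X}" if ord(ch) < 0x20 or ord(ch) == 0x7F else ch for ch in value)


if __name__ == "__main__":
    for encoded in SAMPLE_PAYLOADS:
        target = unquote(encoded)  # what the application sees after URL decoding
        headers, body = parse_response(build_redirect_vulnerable(target))
        print(f"{encoded!r}\n  vulnerable -> headers={headers} body={body!r}")
        try:
            build_redirect_hardened(target)
        except ValueError as exc:
            print(f"  hardened   -> rejected: {exc}")
```

Running the script shows the first payload producing a Set-Cookie header the application never wrote, the second replacing the redirect target, and the third pushing the script tag into the body; every one of them is refused by `build_redirect_hardened`. Note that the check runs on the decoded string: testing the raw query string for the literal characters `\r` and `\n` would miss `%0d%0a` entirely.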
© 2026 SecurityInfinity. All rights reserved.