THREAT OPS › Threat News › [GHSA] GHSA-4vj7-5mj6-jm8m (medium) — morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
[GHSA] GHSA-4vj7-5mj6-jm8m (medium) — morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
GHSA-4vj7-5mj6-jm8m Severity: medium CVE: CVE-2026-5078
morgan vulnerable to Log Forging via unneutralized control characters in :remote-user
### Impact
Morgan's `:remote-user` token extracts the Basic auth username from the `Authorization` header and writes it to the log stream without neutralizing control characters. An attacker can send a crafted `Authorization: Basic` header containing CR/L
Indicators of compromise
- CVE-2026-5078cve
Original source: https://github.com/advisories/GHSA-4vj7-5mj6-jm8m