CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up

/MEDIUM /CVSS 4.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severitycwe-350
CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up

CVE-2026-6874 — A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remo

What This Means For You

  • If your environment is affected by CWE-350, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-6874 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1566.002 Phishing: Spearphishing Link Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-6874 - Suspicious Host Header Manipulation in copilot-api

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-6874 vulnerability CVE-2026-6874
CWE-350 weakness CWE-350

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 23, 2026 at 03:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6878 — ByteDance Verl Vulnerability

CVE-2026-6878 — A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to...

vulnerabilityCVEmedium-severitycwe-264cwe-265
/SCW Vulnerability Desk /MEDIUM /5.6 /⚑ 3 IOCs /⚙ 3 Sigma

IBM Storage Console Flaw: Unauthenticated RCE Risk

CVE-2026-5935 — IBM Total Storage Service Console (TSSC) / TS4500 IMC 9.2, 9.3, 9.4, 9.5, 9.6 TSSC/IMC could allow an unauthenticated user to execute arbitrary commands...

vulnerabilityCVEhigh-severitycwe-78
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 3 IOCs /⚙ 3 Sigma

CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2

CVE-2026-5926 — IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0...

vulnerabilityCVEmedium-severity
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 1 IOC /⚙ 2 Sigma