A vulnerability was found in sanic-cors up to 2.2.0 . It has been rated as problematic . This vulnerability affects the function try_match of the file sanic_cors/core.py . The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is documented as CVE-2026-37737 . The attack can be initiated remotely. There is not any exploit available.