A vulnerability was found in undici up to 6.25.x/7.27.x/8.4.x . It has been rated as critical . Affected is an unknown function of the file /parseCookie/getSetCookies of the component HTTP Response Header Handler . This manipulation causes crlf injection. This vulnerability is registered as CVE-2026-9679 . Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is advised.