CVE-2026-1696
MediumCVSS 6.1Exploitation Probability (EPSS)
Low risk4th percentile - higher than 4% of all known CVEs
Summary
The web server does not properly set some HTTP security headers in responses sent to client applications. This can weaken protection against attacks such as XSS, clickjacking, and other threats due to missing security headers.
Risk Assessment
Missing proper HTTP security headers increases the risk of successful attacks on client applications, such as script injection or session hijacking, potentially leading to data breaches and loss of user trust.
Recommendation
Update the web server to the latest version that includes a fix for properly setting HTTP security headers. Additionally, configure Web Application Firewall (WAF) rules to enforce the required headers.
Original NVD description (English source)
Some HTTP security headers are not properly set by the web server when sending responses to the client application.

