Common Weakness Enumeration

CWE-444

Allowed

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Abstraction: Base · Status: Incomplete

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

550 vulnerabilities reference this CWE, most recent first.

CVE-2026-1801 (GCVE-0-2026-1801)

Vulnerability from cvelistv5 – Published: 2026-02-03 20:12 – Updated: 2026-03-26 18:58
VLAI
Title
Libsoup: libsoup: http request smuggling via malformed chunk headers
Summary
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Impacted products
Date Public
2026-02-03 00:00
Credits
Red Hat would like to thank Ahmed Lekssays for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1801",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-03T20:40:42.165392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-03T20:44:29.691Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Ahmed Lekssays for reporting this issue."
        }
      ],
      "datePublic": "2026-02-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, such as lone line feed (LF) characters instead of the required carriage return and line feed (CRLF). A remote attacker can exploit this without authentication or user interaction by sending specially crafted chunked requests. This allows libsoup to parse and process multiple HTTP requests from a single network message, potentially leading to information disclosure."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-26T18:58:54.712Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-1801"
        },
        {
          "name": "RHBZ#2436315",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436315"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/481"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-03T12:36:47.913Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-03T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: libsoup: http request smuggling via malformed chunk headers",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-1801",
    "datePublished": "2026-02-03T20:12:21.360Z",
    "dateReserved": "2026-02-03T12:42:08.207Z",
    "dateUpdated": "2026-03-26T18:58:54.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1760 (GCVE-0-2026-1760)

Vulnerability from cvelistv5 – Published: 2026-02-02 14:01 – Updated: 2026-03-19 14:20
VLAI
Title
Libsoup: soupserver: denial of service via http request smuggling
Summary
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Impacted products
Date Public
2026-02-02 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-02T17:29:44.685159Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-02T17:29:53.838Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup3",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "libsoup",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2026-02-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests, causing SoupServer to fail to close the connection as required by RFC 9112. This allows the attacker to smuggle additional requests over the persistent connection, leading to unintended request processing and potential denial-of-service (DoS) conditions."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T14:20:22.488Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2026-1760"
        },
        {
          "name": "RHBZ#2435951",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435951"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/475"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-02T12:24:20.855Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2026-02-02T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Libsoup: soupserver: denial of service via http request smuggling",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2026-1760",
    "datePublished": "2026-02-02T14:01:26.762Z",
    "dateReserved": "2026-02-02T12:25:23.985Z",
    "dateUpdated": "2026-03-19T14:20:22.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1525 (GCVE-0-2026-1525)

Vulnerability from cvelistv5 – Published: 2026-03-12 19:56 – Updated: 2026-03-12 20:46
VLAI
Title
undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Summary
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: * Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays * Applications that accept user-controlled header names without case-normalization Potential consequences: * Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request) * HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent interpretation of HTTP requests ('HTTP Request/Response smuggling')
Assigner
Impacted products
Vendor Product Version
undici undici Affected: < 6.24.0; 7.0.0 < 7.24.0
Unaffected: 6.24.0: 7.24.0
Create a notification for this product.
Credits
Matteo Collina Ulises Gascón
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1525",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-12T20:44:24.555703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-12T20:46:13.379Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/nodejs/undici/",
          "defaultStatus": "unaffected",
          "packageName": "undici",
          "product": "undici",
          "repo": "https://github.com/nodejs/undici/",
          "vendor": "undici",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.24.0; 7.0.0 \u003c 7.24.0"
            },
            {
              "status": "unaffected",
              "version": "6.24.0: 7.24.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Matteo Collina"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Ulises Gasc\u00f3n"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUndici allows duplicate HTTP\u0026nbsp;\u003ccode\u003eContent-Length\u003c/code\u003e\u0026nbsp;headers when they are provided in an array with case-variant names (e.g.,\u0026nbsp;\u003ccode\u003eContent-Length\u003c/code\u003e\u0026nbsp;and\u0026nbsp;\u003ccode\u003econtent-length\u003c/code\u003e). This produces malformed HTTP/1.1 requests with multiple conflicting\u0026nbsp;\u003ccode\u003eContent-Length\u003c/code\u003e\u0026nbsp;values on the wire.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eWho is impacted:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eApplications using\u0026nbsp;\u003ccode\u003eundici.request()\u003c/code\u003e,\u0026nbsp;\u003ccode\u003eundici.Client\u003c/code\u003e, or similar low-level APIs with headers passed as flat arrays\u003c/li\u003e\u003cli\u003eApplications that accept user-controlled header names without case-normalization\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePotential consequences:\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDenial of Service\u003c/strong\u003e: Strict HTTP parsers (proxies, servers) will reject requests with duplicate\u0026nbsp;\u003ccode\u003eContent-Length\u003c/code\u003e\u0026nbsp;headers (400 Bad Request)\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eHTTP Request Smuggling\u003c/strong\u003e: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "Undici allows duplicate HTTP\u00a0Content-Length\u00a0headers when they are provided in an array with case-variant names (e.g.,\u00a0Content-Length\u00a0and\u00a0content-length). This produces malformed HTTP/1.1 requests with multiple conflicting\u00a0Content-Length\u00a0values on the wire.\n\nWho is impacted:\n\n  *  Applications using\u00a0undici.request(),\u00a0undici.Client, or similar low-level APIs with headers passed as flat arrays\n  *  Applications that accept user-controlled header names without case-normalization\n\n\nPotential consequences:\n\n  *  Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate\u00a0Content-Length\u00a0headers (400 Bad Request)\n  *  HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-33",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-33 HTTP Request Smuggling"
            }
          ]
        },
        {
          "capecId": "CAPEC-273",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-273 HTTP Response Smuggling"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent interpretation of HTTP requests (\u0027HTTP Request/Response smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-12T19:56:55.092Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
        },
        {
          "url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
        },
        {
          "url": "https://cwe.mitre.org/data/definitions/444.html"
        },
        {
          "url": "https://hackerone.com/reports/3556037"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        }
      ],
      "source": {
        "advisory": "GHSA-2mjp-6q6p-2qxm",
        "discovery": "INTERNAL"
      },
      "title": "undici is vulnerable to Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIf upgrading is not immediately possible:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eValidate header names\u003c/strong\u003e: Ensure no duplicate\u0026nbsp;\u003ccode\u003eContent-Length\u003c/code\u003e\u0026nbsp;headers (case-insensitive) are present before passing headers to undici\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eUse object format\u003c/strong\u003e: Pass headers as a plain object (\u003ccode\u003e{ \u0027content-length\u0027: \u0027123\u0027 }\u003c/code\u003e) rather than an array, which naturally deduplicates by key\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eSanitize user input\u003c/strong\u003e: If headers originate from user input, normalize header names to lowercase and reject duplicates\u003c/li\u003e\u003c/ol\u003e"
            }
          ],
          "value": "If upgrading is not immediately possible:\n\n  *  Validate header names: Ensure no duplicate\u00a0Content-Length\u00a0headers (case-insensitive) are present before passing headers to undici\n  *  Use object format: Pass headers as a plain object ({ \u0027content-length\u0027: \u0027123\u0027 }) rather than an array, which naturally deduplicates by key\n  *  Sanitize user input: If headers originate from user input, normalize header names to lowercase and reject duplicates"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2026-1525",
    "datePublished": "2026-03-12T19:56:55.092Z",
    "dateReserved": "2026-01-28T12:04:51.369Z",
    "dateUpdated": "2026-03-12T20:46:13.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1491 (GCVE-0-2026-1491)

Vulnerability from cvelistv5 – Published: 2026-04-01 20:44 – Updated: 2026-04-08 00:18
VLAI
Title
Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
ibm
References
URL Tags
https://www.ibm.com/support/pages/node/7268253 vendor-advisorypatch
Impacted products
Vendor Product Version
IBM Verify Identity Access Container Affected: 11.0 , ≤ 11.0.2 (semver)
    cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*
Create a notification for this product.
IBM Security Verify Access Container Affected: 10.0 , ≤ 10.0.9.1 (semver)
    cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*
Create a notification for this product.
IBM Verify Identity Access Affected: 11.0 , ≤ 11.0.2 (semver)
    cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*
Create a notification for this product.
IBM Security Verify Access Affected: 10.0 , ≤ 10.0.9.1 (semver)
    cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1491",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-03T13:45:26.430568Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T13:56:05.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:ibm:verify_identity_access_container:11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:verify_identity_access_container:11.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:verify_identity_access_container:11.0.2:*:*:*:*:*:*:*"
          ],
          "product": "Verify Identity Access Container",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.0.2",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_verify_access_container:10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_access_container:10.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_access_container:10.0.9.1:*:*:*:*:*:*:*"
          ],
          "product": "Security Verify Access Container",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "10.0.9.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:verify_identity_access:11.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:verify_identity_access:11.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:verify_identity_access:11.0.2:*:*:*:*:*:*:*"
          ],
          "product": "Verify Identity Access",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "11.0.2",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:ibm:security_verify_access:10.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_access:10.0.0:*:*:*:*:*:*:*",
            "cpe:2.3:a:ibm:security_verify_access:10.0.9.1:*:*:*:*:*:*:*"
          ],
          "product": "Security Verify Access",
          "vendor": "IBM",
          "versions": [
            {
              "lessThanOrEqual": "10.0.9.1",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy.\u003c/p\u003e"
            }
          ],
          "value": "IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T00:18:04.049Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://www.ibm.com/support/pages/node/7268253"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cstrong\u003eIBM encourages customers to update their systems promptly.\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAppliance:\u00a0\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003ctable\u003e\u003cthead\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eAffected Products and Versions\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003cstrong\u003eFix availability\u003c/strong\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Verify Identity Access 11.0 - 11.0.2\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Verify+Identity+Access\u0026amp;fixids=11.0.2.0-ISS-IVIA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Verify Identity Access v11.0.2 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003eIBM Security Verify Access 10.0 - 10.0.9.1\u003c/p\u003e\u003c/td\u003e\u003ctd\u003e\u003cp\u003e\u003ca href=\"https://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FIBM+Security+Verify+Access\u0026amp;fixids=10.0.9.1-ISS-ISVA-IF0001\u0026amp;source=SAR\" rel=\"nofollow\"\u003eDownload IBM Security Verify Access v10.0.9.1 IF1\u003c/a\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/thead\u003e\u003c/table\u003e\u003c/div\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eContainer:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003e\u003ca href=\"https://docs.verify.ibm.com/ibm-security-verify-access/docs/containers\" rel=\"nofollow\"\u003eContainer Download\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "IBM encourages customers to update their systems promptly.Appliance:\u00a0Affected Products and VersionsFix availabilityIBM Verify Identity Access 11.0 - 11.0.2Download IBM Verify Identity Access v11.0.2 IF1IBM Security Verify Access 10.0 - 10.0.9.1Download IBM Security Verify Access v10.0.9.1 IF1Container:Container Download"
        }
      ],
      "title": "Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access",
      "x_generator": {
        "engine": "ibm-cvegen"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2026-1491",
    "datePublished": "2026-04-01T20:44:24.310Z",
    "dateReserved": "2026-01-27T14:29:01.426Z",
    "dateUpdated": "2026-04-08T00:18:04.049Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1002 (GCVE-0-2026-1002)

Vulnerability from cvelistv5 – Published: 2026-01-15 20:50 – Updated: 2026-01-15 21:09
VLAI
Title
Eclipse Vert.x Web static handler file access denial
Summary
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web): https://github.com/eclipse-vertx/vert.x/pull/5895 Steps to reproduce Given a file served by the static handler, craft an URI that introduces a string like bar%2F..%2F after the last / char to deny the access to the URI with an HTTP 404 response. For example https://example.com/foo/index.html can be denied with https://example.com/foo/bar%2F..%2Findex.html Mitgation Disabling Static Handler cache fixes the issue. StaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Eclipse Vert.x Eclipse Vert.x Affected: 4.0.0 , ≤ 4.5.23 (semver)
Affected: 5.0.0 , ≤ 5.0.6 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1002",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T21:07:25.597990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T21:09:22.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/vert-x3/vertx-web/issues/2836"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "io.vertx",
          "product": "Eclipse Vert.x",
          "repo": "https://github.com/eclipse-vertx/vert.x",
          "vendor": "Eclipse Vert.x",
          "versions": [
            {
              "lessThanOrEqual": "4.5.23",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.0.6",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI.\u003c/p\u003e\n\u003cp\u003eThe issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web): \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/eclipse-vertx/vert.x/pull/5895\"\u003ehttps://github.com/eclipse-vertx/vert.x/pull/5895\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003e\n\u003ca target=\"_blank\" rel=\"nofollow\"\u003e\u003c/a\u003e\u003c/h2\u003e\u003ch2\u003eSteps to reproduce\u003c/h2\u003e\n\u003cp\u003eGiven a file served by the static handler, craft an URI that introduces a string like \u003ccode\u003ebar%2F..%2F\u003c/code\u003e after the last \u003ccode\u003e/\u003c/code\u003e char to deny the access to the URI with an HTTP 404 response. For example \u003ccode\u003ehttps://example.com/foo/index.html\u003c/code\u003e can be denied with \u003ccode\u003ehttps://example.com/foo/bar%2F..%2Findex.html\u003c/code\u003e\u003c/p\u003e\u003ch2\u003eMitgation\u003c/h2\u003e\n\u003cp\u003eDisabling Static Handler cache fixes the issue.\u003c/p\u003e\n\u003cdiv\u003e\n\u003cpre\u003e\u003ccode\u003eStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\u003c/code\u003e\u003c/pre\u003e\u003c/div\u003e\u003cbr\u003e"
            }
          ],
          "value": "The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI.\n\n\nThe issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component (used by Vert.x Web):  https://github.com/eclipse-vertx/vert.x/pull/5895 \n\n\n\nSteps to reproduce\nGiven a file served by the static handler, craft an URI that introduces a string like bar%2F..%2F after the last / char to deny the access to the URI with an HTTP 404 response. For example https://example.com/foo/index.html can be denied with https://example.com/foo/bar%2F..%2Findex.html\n\nMitgation\nDisabling Static Handler cache fixes the issue.\n\n\n\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T20:50:25.642Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Eclipse Vert.x Web static handler file access denial",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2026-1002",
    "datePublished": "2026-01-15T20:50:25.642Z",
    "dateReserved": "2026-01-15T18:23:48.276Z",
    "dateUpdated": "2026-01-15T21:09:22.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69225 (GCVE-0-2025-69225)

Vulnerability from cvelistv5 – Published: 2026-01-05 23:16 – Updated: 2026-01-06 19:02
VLAI
Title
AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request smuggling vulnerability. This issue is fixed in version 3.13.3.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
aio-libs aiohttp Affected: < 3.13.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69225",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:25:19.119274Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T19:02:59.048Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiohttp",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.13.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there\u0027s a method to exploit a request smuggling vulnerability. This issue is fixed in version 3.13.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T23:16:19.158Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-mqqc-3gqh-h2x8"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/commit/c7b7a044f88c71cefda95ec75cdcfaa4792b3b96"
        }
      ],
      "source": {
        "advisory": "GHSA-mqqc-3gqh-h2x8",
        "discovery": "UNKNOWN"
      },
      "title": "AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-69225",
    "datePublished": "2026-01-05T23:16:19.158Z",
    "dateReserved": "2025-12-29T20:52:59.444Z",
    "dateUpdated": "2026-01-06T19:02:59.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69224 (GCVE-0-2025-69224)

Vulnerability from cvelistv5 – Published: 2026-01-05 22:35 – Updated: 2026-01-06 19:03
VLAI
Title
AIOHTTP's Unicode processing of header values could cause parsing discrepancies
Summary
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. This issue is fixed in version 3.13.3.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
aio-libs aiohttp Affected: < 3.13.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69224",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:25:43.789267Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T19:03:34.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "aiohttp",
          "vendor": "aio-libs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.13.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. This issue is fixed in version 3.13.3."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T22:35:42.084Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-69f9-5gxw-wvc2"
        },
        {
          "name": "https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/aio-libs/aiohttp/commit/32677f2adfd907420c078dda6b79225c6f4ebce0"
        }
      ],
      "source": {
        "advisory": "GHSA-69f9-5gxw-wvc2",
        "discovery": "UNKNOWN"
      },
      "title": "AIOHTTP\u0027s Unicode processing of header values could cause parsing discrepancies"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-69224",
    "datePublished": "2026-01-05T22:35:42.084Z",
    "dateReserved": "2025-12-29T20:46:13.630Z",
    "dateUpdated": "2026-01-06T19:03:34.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-65114 (GCVE-0-2025-65114)

Vulnerability from cvelistv5 – Published: 2026-04-02 15:55 – Updated: 2026-04-02 18:10
VLAI
Title
Apache Traffic Server: Malformed chunked message body allows request smuggling
Summary
Apache Traffic Server allows request smuggling if chunked messages are malformed.  This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
Apache Software Foundation Apache Traffic Server Affected: 9.0.0 , ≤ 9.2.12 (semver)
Affected: 10.0.0 , ≤ 10.1.1 (semver)
Create a notification for this product.
Credits
Katsutoshi Ikenoya
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-65114",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T18:09:43.044758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T18:10:10.171Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Traffic Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "9.2.12",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.1",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Katsutoshi Ikenoya"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eApache Traffic Server allows request smuggling if c\u003c/span\u003ehunked messages are malformed.\u003c/span\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003eThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Apache Traffic Server allows request smuggling if chunked messages are malformed.\u00a0\n\nThis issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1.\n\nUsers are recommended to upgrade to version 9.2.13 or 10.1.2, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-02T15:55:27.280Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/2s11roxlv1j8ph6q52rqo1klvl01n14q"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache Traffic Server: Malformed chunked message body allows request smuggling",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-65114",
    "datePublished": "2026-04-02T15:55:27.280Z",
    "dateReserved": "2025-11-18T00:11:27.195Z",
    "dateUpdated": "2026-04-02T18:10:10.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59822 (GCVE-0-2025-59822)

Vulnerability from cvelistv5 – Published: 2025-09-23 18:54 – Updated: 2025-09-23 19:17
VLAI
Title
Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section
Summary
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
References
Impacted products
Vendor Product Version
http4s http4s Affected: < 0.23.31
Affected: >= 1.0.0-M1, < 1.0.0-M45
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59822",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-23T19:15:00.938453Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-23T19:17:26.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "http4s",
          "vendor": "http4s",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.23.31"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.0.0-M1, \u003c 1.0.0-M45"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, launch targeted attacks against active users, and poison web caches. A pre-requisite for exploitation involves the web application being deployed behind a reverse-proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-23T18:54:42.867Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/http4s/http4s/security/advisories/GHSA-wcwh-7gfw-5wrr"
        },
        {
          "name": "https://github.com/http4s/http4s/commit/dd518f7c967e5165813b8d4a48a82b8fab852d41",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/http4s/http4s/commit/dd518f7c967e5165813b8d4a48a82b8fab852d41"
        }
      ],
      "source": {
        "advisory": "GHSA-wcwh-7gfw-5wrr",
        "discovery": "UNKNOWN"
      },
      "title": "Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59822",
    "datePublished": "2025-09-23T18:54:42.867Z",
    "dateReserved": "2025-09-22T14:34:03.470Z",
    "dateUpdated": "2025-09-23T19:17:26.320Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-58068 (GCVE-0-2025-58068)

Vulnerability from cvelistv5 – Published: 2025-08-29 21:12 – Updated: 2025-11-03 18:13
VLAI
Title
Eventlet affected by HTTP request smuggling in unparsed trailers
Summary
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Assigner
Impacted products
Vendor Product Version
eventlet eventlet Affected: < 0.40.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T13:49:48.188360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T13:51:35.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:13:48.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "eventlet",
          "vendor": "eventlet",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.40.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. This problem has been patched in Eventlet 0.40.3 by dropping trailers which is a breaking change if a backend behind eventlet.wsgi proxy requires trailers. A workaround involves not using eventlet.wsgi facing untrusted clients."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-29T21:12:24.534Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7"
        },
        {
          "name": "https://github.com/eventlet/eventlet/pull/1062",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eventlet/eventlet/pull/1062"
        },
        {
          "name": "https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb"
        }
      ],
      "source": {
        "advisory": "GHSA-hw6f-rjfj-j7j7",
        "discovery": "UNKNOWN"
      },
      "title": "Eventlet affected by HTTP request smuggling in unparsed trailers"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58068",
    "datePublished": "2025-08-29T21:12:24.534Z",
    "dateReserved": "2025-08-22T14:30:32.223Z",
    "dateUpdated": "2025-11-03T18:13:48.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation
Implementation

Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].

Mitigation
Implementation

Use only SSL communication.

Mitigation
Implementation

Terminate the client session after each request.

Mitigation
System Configuration

Turn all pages to non-cacheable.

CAPEC-273: HTTP Response Smuggling

An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).

See CanPrecede relationships for possible consequences.

CAPEC-33: HTTP Request Smuggling

An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).

See CanPrecede relationships for possible consequences.