top of page
perceptive_background_267k.jpg

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it appl…

Published:

28 May 2026 at 22:00:00

Alert date:

29 May 2026 at 21:09:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Supply Chain & Dependencies

A vulnerability in cpp-httplib, a C++11 HTTP/HTTPS library, allows header injection attacks through percent-encoded CRLF sequences. The library applies percent-decoding to header values after validation, allowing encoded %0D%0A to bypass checks and expand to literal carriage return and line feed characters. This affects versions prior to 0.44.0 and could enable HTTP request smuggling or response splitting attacks. The vulnerability has been fixed in version 0.44.0.

Technical details

Mitigation steps:

Affected products:

cpp-httplib

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-45372
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjxg-64p4-vj4m

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: Deze website toont informatie afkomstig van externe bronnen. Perceptive aanvaardt geen verantwoordelijkheid voor de inhoud, juistheid of volledigheid van deze informatie.

bottom of page