216.73.217.22

CVE-2026-46527

· Published 29/05/2026 20:16 · Modified 29/05/2026 20:23

Labels: CVE-2026-46527 2026-05-29CVE-2026-46527CWE-476[email protected]

Essential information

Published
29/05/2026 20:16
Modified
29/05/2026 20:23
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the server has called Server::set_trusted_proxies() with a non-empty trusted-proxy list, an attacker can send an HTTP request that includes an X-Forwarded-For header whose value parses to no valid IP segments. The code path then executes get_client_ip(), which calls front() on an empty std::vector—undefined behavior in C++. On typical implementations this manifests as abnormal process termination (denial of service). With Sanitizers enabled, you get an explicit runtime diagnostic. This vulnerability is fixed in 0.44.0.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
cpp-httplib / cpp-httplib cpe:2.3:a:cpp-httplib:cpp-httplib:<0.44.0:*:*:*:*:*:*:*

References