
CVE-2026-21428

· Published 01/01/2026 18:15 · Modified 01/01/2026 18:15

Labels: CVE-2026-21428, 2026-01-01, CWE-93, [email protected]

Essential information

Published: 01/01/2026 18:15
Modified: 01/01/2026 18:15
Author:
Creator:
CVSS: 7.7 HIGH (v3), 7.7 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

CVSS metrics

Description

cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR and LF characters in user-supplied headers, allowing an untrusted header value to escape its header line. This vulnerability allows attackers to add extra headers, modify the request body unexpectedly, and trigger an SSRF attack. When combined with a server that supports HTTP/1.1 pipelining (Spring Boot, Python Twisted, etc.), this can be used for server-side request forgery (SSRF). Version 0.30.0 fixes this issue.
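The missing check described above, as an added example that is not cpp-httplib's own code: a serializer that writes header values as given, beside one that refuses any name or value containing CR or LF. All function names and the sample header are hypothetical, and rejecting the whole header set is an assumed policy, not a statement of how version 0.30.0 implements the fix.

```cpp
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical names throughout; this is not cpp-httplib's code.
using Headers = std::vector<std::pair<std::string, std::string>>;

// True if the string contains a carriage return or a line feed.
static bool has_cr_or_lf(const std::string &s) {
  return s.find_first_of("\r\n") != std::string::npos;
}

// "Before": no inspection, so a CR LF inside a value starts a new header line.
std::string serialize_unchecked(const Headers &headers) {
  std::string out;
  for (const auto &h : headers) out += h.first + ": " + h.second + "\r\n";
  return out + "\r\n";
}

// "After": rejects the whole set if any name or value carries CR or LF.
// Returns false and leaves `out` untouched on rejection.
bool serialize_checked(const Headers &headers, std::string &out) {
  std::string buf;
  for (const auto &h : headers) {
    if (has_cr_or_lf(h.first) || has_cr_or_lf(h.second)) return false;
    buf += h.first + ": " + h.second + "\r\n";
  }
  out = buf + "\r\n";
  return true;
}

// Counts CRLF-terminated lines before the blank line ending the header block.
std::size_t header_line_count(const std::string &wire) {
  std::size_t count = 0, pos = 0, eol;
  while ((eol = wire.find("\r\n", pos)) != std::string::npos && eol != pos) {
    ++count;
    pos = eol + 2;
  }
  return count;
}

int main() {
  // Constructed sample: one header whose value came from untrusted input.
  Headers h = {{"X-Request-Tag", "abc\r\nX-Injected: 1"}};
  std::string out;
  std::cout << "lines written unchecked: " << header_line_count(serialize_unchecked(h)) << "\n";
  std::cout << "accepted by checked: " << serialize_checked(h, out) << "\n";
}
```

The check treats a lone LF as grounds for rejection as well, since some HTTP parsers accept a bare LF as a line terminator.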

NVD status

Status: Received. The CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product: cpp-httplib / cpp-httplib
CPE: cpe:2.3:a:cpp-httplib:cpp-httplib:<0.30.0:*:*:*:*:*:*:*

References