216.73.216.133

CVE-2026-32627

· Published 16/03/2026 14:19 · Modified 17/03/2026 19:08

Labels: CVE-2026-32627 2026-03-16CVE-2026-32627CWE-295[email protected]

Essential information

Published
16/03/2026 14:19
Modified
17/03/2026 19:08
Author
Creator
CVSS
8.7 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CVSS metrics

Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new connection. The client will accept any certificate presented by the redirect target — expired, self-signed, or forged — without raising an error or notifying the application. A network attacker in a position to return a redirect response can fully intercept the follow-up HTTPS connection, including any credentials or session tokens in flight. This vulnerability is fixed in 0.37.2.

NVD status

Status
Analyzed — CVE is currently being analyzed by NVD staff, this process results in association of reference link tags, CVSS scores, CWE association, and CPE applicability statements.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
yhirose / cpp-httplib cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*

References