216.73.217.86

CVE-2026-5440

· Published 09/04/2026 15:16 · Modified 09/04/2026 15:16

Labels: CVE-2026-5440 2026-04-09CVE-2026-5440[email protected]

Essential information

Published
09/04/2026 15:16
Modified
09/04/2026 15:16
Author
Creator
CISA KEV
No
CWE

Description

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / http server cpe:2.3:a:*:http_server:*:*:*:*:*:*:*:*

References