CVE-2026-6338

216.73.216.226

· Published 11/06/2026 16:16 · Modified 11/06/2026 15:32 · Author: The MITRE Corporation

Labels: CVE-2026-6338 02762ae7-200e-4b20-9b2b-a77d5b8fc4cb 2026-06-11 CVE-2026-6338 CWE-444

Essential information

Published: 11/06/2026 16:16
Modified: 11/06/2026 15:32
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 4.9 MEDIUM (v3) 7.0 HIGH (v4.0)
CISA KEV: No
CWE: CWE-444
CVSS vector: —

CVSS metrics

Description

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 02762ae7-200e-4b20-9b2b-a77d5b8fc4cb
NVD: View on NVD

Affected products (CPE)

Product	CPE
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.4:::::::*`
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.10:::::::*`
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.11:::::::*`
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.12:::::::*`
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.13:::::::*`
kong / kong gateway enterprise	`cpe:2.3:a:kong:kong_gateway_enterprise:3.14:::::::*`