CWE-444
AllowedInconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Abstraction: Base · Status: Incomplete
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
551 vulnerabilities reference this CWE, most recent first.
GHSA-262P-VJX5-45XH
Vulnerability from github – Published: 2026-03-05 00:31 – Updated: 2026-03-05 20:55Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-hj7x-879w-vrp7. This link is maintained to preserve external references.
Original Description
An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’.
Impact
This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to:
-
Bypass proxy-level ACL controls and WAF logic
-
Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests
-
Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP
Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests.
Mitigation:
Pingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited.
As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact “chunked” string match.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pingora-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.8.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T20:55:52Z",
"nvd_published_at": "2026-03-05T00:15:57Z",
"severity": "CRITICAL"
},
"details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hj7x-879w-vrp7. This link is maintained to preserve external references.\n\n### Original Description\nAn HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora\u0027s parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora\u2019s request framing from backend servers\u2019.\n\nImpact\n\nThis vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to:\n\n * Bypass proxy-level ACL controls and WAF logic\n\n\n\n\n * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests\n\n\n\n\n * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP\n\n\n\n\nCloudflare\u0027s CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests.\n\n\nMitigation:\n\nPingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited.\n\nAs a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact \u201cchunked\u201d string match.",
"id": "GHSA-262p-vjx5-45xh",
"modified": "2026-03-05T20:55:52Z",
"published": "2026-03-05T00:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2835"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/pingora"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0034.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Duplicate Advisory: HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing",
"withdrawn": "2026-03-05T20:55:52Z"
}
GHSA-2637-3GXC-QG4F
Vulnerability from github – Published: 2026-05-29 07:20 – Updated: 2026-05-29 15:30A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the soup_body_input_stream_read_chunked() function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.
{
"affected": [],
"aliases": [
"CVE-2026-6324"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-29T07:16:14Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` function by sending a malicious HTTP request. This vulnerability occurs when libsoup operates behind a non-libsoup proxy server or as a proxy in front of a non-libsoup backend server. Successful exploitation can allow an attacker to bypass security controls, poison web caches, or gain unauthorized access.",
"id": "GHSA-2637-3gxc-qg4f",
"modified": "2026-05-29T15:30:32Z",
"published": "2026-05-29T07:20:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6324"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-6324"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458479"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/508"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/work_items/508"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2862-59R4-C989
Vulnerability from github – Published: 2024-02-08 09:30 – Updated: 2025-02-13 18:32Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.
Vulnerability Cause Description:
The http_parser does not comply with the RFC-7230 HTTP 1.1 specification.
Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.
Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518
{
"affected": [],
"aliases": [
"CVE-2024-23452"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-08T09:15:46Z",
"severity": "HIGH"
},
"details": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description\uff1a\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack\u00a0scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that \u0027chunk\u0027 is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0\n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518",
"id": "GHSA-2862-59r4-c989",
"modified": "2025-02-13T18:32:13Z",
"published": "2024-02-08T09:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23452"
},
{
"type": "WEB",
"url": "https://github.com/apache/brpc/pull/2518"
},
{
"type": "WEB",
"url": "https://github.com/apache/brpc/releases/tag/1.8.0"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/02/08/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2CXF-F44J-GQQF
Vulnerability from github – Published: 2023-11-16 00:30 – Updated: 2025-10-22 00:32Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.
{
"affected": [],
"aliases": [
"CVE-2023-48365"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-15T22:15:28Z",
"severity": "CRITICAL"
},
"details": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.",
"id": "GHSA-2cxf-f44j-gqqf",
"modified": "2025-10-22T00:32:53Z",
"published": "2023-11-16T00:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48365"
},
{
"type": "WEB",
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-48365"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2GCR-MFCQ-WCC3
Vulnerability from github – Published: 2026-06-04 18:01 – Updated: 2026-06-04 18:01Summary
app.mount() strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte characters, resulting in the mounted sub-application receiving an incorrect path.
Details
When app.mount(prefix, subApp) is called, Hono calculates the number of characters to strip based on the decoded mount prefix length, but then applies that slice to the raw URL pathname. When the URL contains percent-encoded characters that expand to fewer characters when decoded (such as encoded non-ASCII characters), the two representations have different lengths, so the prefix is stripped at the wrong byte offset.
As a result, the sub-application receives a path that does not correspond to the intended sub-path — it may receive a partial or garbled path instead of the expected value after the mount prefix is removed.
This issue arises when an application uses app.mount() with paths that contain percent-encoded characters, particularly when the mount prefix itself or the request path contains encoded non-ASCII characters.
Impact
A mounted sub-application may receive an incorrectly stripped path, causing requests to be routed to unintended handlers within the sub-application.
This may lead to:
- Middleware or route handlers in the sub-application being bypassed or incorrectly matched due to the malformed path
- Requests reaching sub-application routes that the developer did not intend to be accessible via the mounted path
This issue affects applications that use app.mount() where the request URL may contain percent-encoded characters in the mount prefix or subsequent path segments.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "hono"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.12.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47676"
],
"database_specific": {
"cwe_ids": [
"CWE-444",
"CWE-693"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-04T18:01:00Z",
"nvd_published_at": "2026-05-28T17:16:32Z",
"severity": "MODERATE"
},
"details": "### Summary\n\n`app.mount()` strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte characters, resulting in the mounted sub-application receiving an incorrect path.\n\n### Details\n\nWhen `app.mount(prefix, subApp)` is called, Hono calculates the number of characters to strip based on the decoded mount prefix length, but then applies that slice to the raw URL pathname. When the URL contains percent-encoded characters that expand to fewer characters when decoded (such as encoded non-ASCII characters), the two representations have different lengths, so the prefix is stripped at the wrong byte offset.\n\nAs a result, the sub-application receives a path that does not correspond to the intended sub-path \u2014 it may receive a partial or garbled path instead of the expected value after the mount prefix is removed.\n\nThis issue arises when an application uses `app.mount()` with paths that contain percent-encoded characters, particularly when the mount prefix itself or the request path contains encoded non-ASCII characters.\n\n### Impact\n\nA mounted sub-application may receive an incorrectly stripped path, causing requests to be routed to unintended handlers within the sub-application.\n\nThis may lead to:\n\n- Middleware or route handlers in the sub-application being bypassed or incorrectly matched due to the malformed path\n- Requests reaching sub-application routes that the developer did not intend to be accessible via the mounted path\n\nThis issue affects applications that use `app.mount()` where the request URL may contain percent-encoded characters in the mount prefix or subsequent path segments.",
"id": "GHSA-2gcr-mfcq-wcc3",
"modified": "2026-06-04T18:01:00Z",
"published": "2026-06-04T18:01:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/honojs/hono/security/advisories/GHSA-2gcr-mfcq-wcc3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47676"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/commit/6cbb025ff87fca1a3d00d0ccca0eaf3a6385c3f1"
},
{
"type": "PACKAGE",
"url": "https://github.com/honojs/hono"
},
{
"type": "WEB",
"url": "https://github.com/honojs/hono/releases/tag/v4.12.21"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths"
}
GHSA-2HWM-6XJF-3XMX
Vulnerability from github – Published: 2022-03-15 00:01 – Updated: 2022-03-19 00:01Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling
{
"affected": [],
"aliases": [
"CVE-2022-22720"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-14T11:15:00Z",
"severity": "CRITICAL"
},
"details": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"id": "GHSA-2hwm-6xjf-3xmx",
"modified": "2022-03-19T00:01:09Z",
"published": "2022-03-15T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22720"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220321-0001"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213255"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213256"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213257"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2022/03/14/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2M77-R9W3-W44V
Vulnerability from github – Published: 2026-04-24 00:31 – Updated: 2026-04-24 00:31A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.
{
"affected": [],
"aliases": [
"CVE-2026-2708"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-23T22:16:29Z",
"severity": "LOW"
},
"details": "A request smuggling vulnerability exists in libsoup\u0027s HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values.",
"id": "GHSA-2m77-r9w3-w44v",
"modified": "2026-04-24T00:31:51Z",
"published": "2026-04-24T00:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2708"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-2708"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440743"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/issues/500"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/513"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2MJP-6Q6P-2QXM
Vulnerability from github – Published: 2026-03-13 20:07 – Updated: 2026-03-13 20:07Impact
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire.
Who is impacted:
- Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays
- Applications that accept user-controlled header names without case-normalization
Potential consequences:
- Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request)
- HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking
Patches
Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.
Workarounds
If upgrading is not immediately possible:
- Validate header names: Ensure no duplicate
Content-Lengthheaders (case-insensitive) are present before passing headers to undici - Use object format: Pass headers as a plain object (
{ 'content-length': '123' }) rather than an array, which naturally deduplicates by key - Sanitize user input: If headers originate from user input, normalize header names to lowercase and reject duplicates
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.24.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "undici"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1525"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T20:07:03Z",
"nvd_published_at": "2026-03-12T20:16:02Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nUndici allows duplicate HTTP `Content-Length` headers when they are provided in an array with case-variant names (e.g., `Content-Length` and `content-length`). This produces malformed HTTP/1.1 requests with multiple conflicting `Content-Length` values on the wire.\n\n**Who is impacted:**\n - Applications using `undici.request()`, `undici.Client`, or similar low-level APIs with headers passed as flat arrays\n - Applications that accept user-controlled header names without case-normalization\n\n**Potential consequences:**\n - **Denial of Service**: Strict HTTP parsers (proxies, servers) will reject requests with duplicate `Content-Length` headers (400 Bad Request)\n - **HTTP Request Smuggling**: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking\n\n### Patches\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n If upgrading is not immediately possible:\n\n 1. **Validate header names**: Ensure no duplicate `Content-Length` headers (case-insensitive) are present before passing headers to undici\n 2. **Use object format**: Pass headers as a plain object (`{ \u0027content-length\u0027: \u0027123\u0027 }`) rather than an array, which naturally deduplicates by key\n 3. **Sanitize user input**: If headers originate from user input, normalize header names to lowercase and reject duplicates",
"id": "GHSA-2mjp-6q6p-2qxm",
"modified": "2026-03-13T20:07:03Z",
"published": "2026-03-13T20:07:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-2mjp-6q6p-2qxm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1525"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3556037"
},
{
"type": "WEB",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"type": "WEB",
"url": "https://cwe.mitre.org/data/definitions/444.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/nodejs/undici"
},
{
"type": "WEB",
"url": "https://www.rfc-editor.org/rfc/rfc9110.html#section-8.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Undici has an HTTP Request/Response Smuggling issue"
}
GHSA-2V7C-2X99-GV22
Vulnerability from github – Published: 2022-05-24 17:12 – Updated: 2022-10-07 00:01There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.
{
"affected": [],
"aliases": [
"CVE-2019-17565"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-03-23T22:15:00Z",
"severity": "HIGH"
},
"details": "There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.8, and 8.0.0 to 8.0.5 with a smuggling attack and chunked encoding. Upgrade to versions 7.1.9 and 8.0.6 or later versions.",
"id": "GHSA-2v7c-2x99-gv22",
"modified": "2022-10-07T00:01:04Z",
"published": "2022-05-24T17:12:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17565"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4672"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2W7W-2J92-44HX
Vulnerability from github – Published: 2021-05-10 15:17 – Updated: 2021-03-19 22:36A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server without having been inspected by the proxy.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-http-core"
},
"ranges": [
{
"events": [
{
"introduced": "10.2.0"
},
{
"fixed": "10.2.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "com.typesafe.akka:akka-http-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "10.1.14"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-23339"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2021-03-19T22:36:01Z",
"nvd_published_at": "2021-02-17T08:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerable Akka HTTP server will accept a malformed message and hand it over to the user. If the user application proxies this message to another server unchanged and that server also accepts that message but interprets it as two HTTP messages, the second message has reached the second server without having been inspected by the proxy.",
"id": "GHSA-2w7w-2j92-44hx",
"modified": "2021-03-19T22:36:01Z",
"published": "2021-05-10T15:17:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23339"
},
{
"type": "WEB",
"url": "https://github.com/akka/akka-http/pull/3754%23issuecomment-779265201"
},
{
"type": "WEB",
"url": "https://github.com/akka/akka-http/commit/e3a4935151c91cee28e65e6b894dd50839ef9d34"
},
{
"type": "WEB",
"url": "https://doc.akka.io/docs/akka-http/10.1/security/2021-02-24-incorrect-handling-of-Transfer-Encoding-header.html"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/SNYK-JAVA-COMTYPESAFEAKKA-1075043"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "HTTP Request Smuggling in akka-http-core"
}
Mitigation
Use a web server that employs a strict HTTP parsing procedure, such as Apache [REF-433].
Mitigation
Use only SSL communication.
Mitigation
Terminate the client session after each request.
Mitigation
Turn all pages to non-cacheable.
CAPEC-273: HTTP Response Smuggling
An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server).
See CanPrecede relationships for possible consequences.
CAPEC-33: HTTP Request Smuggling
An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server).
See CanPrecede relationships for possible consequences.