CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing

🗓️ 02 Jun 2026 14:15:17Reported by EEFType

HTTP/1.1 content-length parsing accepts +signs, enabling response smuggling on Mint connections.

Reporter	Title	Published	Views	Family All 8
ATTACKERKB	CVE-2026-49753	2 Jun 202614:15	–	attackerkb
CVE	CVE-2026-49753	2 Jun 202614:15	–	cve
EUVD	EUVD-2026-33941	2 Jun 202614:15	–	euvd
NVD	CVE-2026-49753	2 Jun 202616:16	–	nvd
OSV	EEF-CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing	2 Jun 202614:15	–	osv
Positive Technologies	PT-2026-45786	2 Jun 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-49753	5 Jun 202619:34	–	redhatcve
Vulnrichment	CVE-2026-49753 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing	2 Jun 202614:15	–	vulnrichment

[
  {
    "collectionURL": "https://repo.hex.pm",
    "cpes": [
      "cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.Mint.HTTP1.Parse'"
    ],
    "packageName": "mint",
    "packageURL": "pkg:hex/mint",
    "product": "mint",
    "programFiles": [
      "lib/mint/http1/parse.ex"
    ],
    "programRoutines": [
      {
        "name": "'Elixir.Mint.HTTP1.Parse':content_length_header/1"
      }
    ],
    "repo": "https://github.com/elixir-mint/mint",
    "vendor": "elixir-mint",
    "versions": [
      {
        "lessThan": "1.9.0",
        "status": "affected",
        "version": "0.1.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "collectionURL": "https://github.com",
    "cpes": [
      "cpe:2.3:a:elixir-mint:mint:*:*:*:*:*:*:*:*"
    ],
    "defaultStatus": "unaffected",
    "modules": [
      "'Elixir.Mint.HTTP1.Parse'"
    ],
    "packageName": "elixir-mint/mint",
    "packageURL": "pkg:github/elixir-mint/mint",
    "product": "mint",
    "programFiles": [
      "lib/mint/http1/parse.ex"
    ],
    "programRoutines": [
      {
        "name": "'Elixir.Mint.HTTP1.Parse':content_length_header/1"
      }
    ],
    "repo": "https://github.com/elixir-mint/mint.git",
    "vendor": "elixir-mint",
    "versions": [
      {
        "lessThan": "47e48027480228e4e32a0b4df39db497b4804921",
        "status": "affected",
        "version": "65e0e86d799a6d3b08e4372fccdd9747535e0dd6",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/elixir-mint/mint/security/advisories/GHSA-mjqx-c6f6-7rc2
osv	www.osv.dev/vulnerability/EEF-CVE-2026-49753
github	www.github.com/elixir-mint/mint/commit/47e48027480228e4e32a0b4df39db497b4804921
cna	www.cna.erlef.org/cves/CVE-2026-49753.html

02 Jun 2026 19:14Current

CVSS 46.3

EPSS0.00301

CWE-444