EUVD-2026-37790

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

CVE-2026-23941 Request smuggling via first-wins Content-Length parsing in inets httpd

Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/7. The...

CVE-2026-23941

CVE-2026-23941 - Erlang OTP inets httpd HTTP Request Smuggling Technical details in connected documents describe a vulnerability in Erlang OTP’s inets httpd module (httpd_request.erl, httpd_request:parse_headers/7) where the server does not reject or normalize duplicate Content-Length headers. Th...

EUVD-2025-35358

Connection desynchronization between an HTTP proxy and the model backend. The fixes were rolled out for all proxies in front of impacted models by 2025-09-28. Users do not need to take any action...