Linux Distros Unpatched Vulnerability : CVE-2026-7790
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in...
GHSA-32P9-57CR-4X65 cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation
Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, so parsi...
CVE-2026-7790
CVE-2026-7790 : Uncontrolled resource consumption in ninenines cowlib (cow_http_te) allows CPU and memory DoS via HTTP/1.1 chunked transfer encoding. The chunk-size field accepts an unbounded number of hex digits, causing O(N^2) CPU work and O(N) memory for N digits; drip-fed input worsens this t...
EEF-CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
Summary: Uncontrolled Resource Consumption vulnerability in ninenines cowlib cow_http_te module allows Excessive Allocation. The chunked transfer-encoding parser in cow_http_te accepts an unbounded number of hex digits in the chunk-size field. Each digit causes a bignum multiplication Len * 16 + digit, ...
GHSA-M4CV-J2PX-7723 Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
Summary: Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Details: io.netty.handler.codec.http.HttpObjectDecoder.getChunkSize silently overflows int. The size is accumulated as follows: result *= 16; result += digit; The result is checked only for negative values...
PT-2026-38373
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.2.13.Final; Netty versions prior to 4.1.133.Final. Description: Netty's chunk size parser silently overflows an integer, which allows for request smuggling attacks. This occurs within the getChunkSize function of the...
io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass...
CVE-2026-40562
Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 Section 3.3.3, Transfer-Encoding must take precedence. An...
Astra Linux – Vulnerability in Twisted
In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When a content-length and a chunked encoding header were provided, the content-length took precedence, and the remaining part of the request body was interpreted as a pipelined request...
Astra Linux – Vulnerability in Golang-1.19
A malicious HTTP sender can use chunk extensions to cause the recipient reading from the request or response body to read many more bytes from the network than actually exist in the body. A malicious HTTP client can further exploit this to cause the server to automatically read a large amount of...
Astra Linux – Vulnerability in Puma
Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue depends heavily ...
CVE-2026-40560
Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 Section 3.3.3, Transfer-Encoding must take precedence. An...
PT-2026-35863
Name of the Vulnerable Software and Affected Versions: Starman versions prior to 0.4018. Description: Improper header precedence allows HTTP Request Smuggling. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request, whi...
CLSA-2026-1776855452 libsoup: Fix of 2 CVEs
CVE-2026-1801: use CRLF as line boundary when parsing chunked encoding data to prevent HTTP request smuggling via lone LF - CVE-2026-2443: reject Range header ends exceeding content length to prevent out-of-bounds read in byte range handling...
actix-http has HTTP/1.1 CL.TE Request Smuggling
A vulnerability in actix-http's HTTP/1.1 request parser allows an unauthenticated remote client to smuggle requests in deployments where a front-end HTTP intermediary and the Actix backend disagree about whether Content-Length or Transfer-Encoding: chunked defines the request body length...
HTTP Chunked Encoding Behavior Analyzer
This script is a security analysis tool designed to test how a web server, such as a Kestrel-based application, handles HTTP requests using chunked transfer encoding...
ASP.NET 8.0.10 Core Kestrel HTTP Request Smuggling
This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding, notably LF-only line handling and case-variant header values like chUnKEd...