CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/29 7:14 p.m.•22 views

CVE-2026-45352

The CVE-2026-45352 issue affects cpp-httplib (header-only HTTP/HTTPS library). Before version 0.43.4, the ChunkedDecoder::read_payload routine parses the chunk-size in chunked Transfer-Encoding with std::strtoul(), which can silently accept a minus sign. This allows negative chunk sizes (e.g., "-...

7.5CVSS5.7AI score0.00283EPSS

Exploits1References1Affected Software1

Vulnrichment•added 2026/05/29 7:14 p.m.•6 views

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

5.3CVSS5.7AI score0.00283EPSS

ATTACKERKB•added 2026/05/29 7:14 p.m.•8 views

CVE-2026-45352

5.3CVSS5.7AI score0.00283EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/29 7:14 p.m.•41 views

CVE-2026-45352 cpp-httplib DoS: Negative chunk-size in chunked Transfer-Encoding

5.3CVSS0.00283EPSS

Debian CVE•added 2026/05/29 7:14 p.m.•10 views

CVE-2026-45352

7.5CVSS5.7AI score0.00283EPSS

Exploits1

CNNVD•added 2026/05/29 12:0 a.m.•5 views

cpp-httplib 代码问题漏洞

cpp-httplib is a C++ library developed by Yhirose, designed for HTTP/HTTPS servers and clients. Versions of cpp-httplib prior to 0.44.0 contained code vulnerabilities. These vulnerabilities occurred when the server had a non-empty trusted proxy list; attackers could send HTTP requests with the...

8.7CVSS5.9AI score0.00283EPSS

Positive Technologies•added 2026/05/29 12:0 a.m.•6 views

PT-2026-44991

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description A denial of service occurs when the server uses the set trusted proxies function with a non-empty trusted-proxy list. An attacker can send an HTTP request containing an X-Forwarded-For header wi...

8.7CVSS5.2AI score0.00283EPSS

Exploits1References13

CNNVD•added 2026/05/29 12:0 a.m.•8 views

cpp-httplib 安全漏洞

cpp-httplib is a C++ library developed by Yhirose, which includes HTTP/HTTPS server and client components. Versions of cpp-httplib prior to 0.43.4 contained security vulnerabilities. These vulnerabilities stemmed from negative chunk sizes in chunked transmission encoding, leading to unbounded...

7.5CVSS5.8AI score0.00283EPSS

OPENSUSE Linux•added 2026/05/21 12:0 a.m.•4 views

Security update for cpp-httplib (important)

openSUSE Security Update: Security update for cpp-httplib Announcement ID: openSUSE-SU-2026:0174-1 Rating: important References: 1255835 1256518 1259220 1259221 1259373 Cross-References: CVE-2026-21428 CVE-2026-22776 CVE-2026-28434 CVE-2026-28435 CVE-2026-29076 CVSS scores: CVE-2026-21428 SUSE: 8...

8.7CVSS5.8AI score0.00602EPSS

Exploits5References5

Positive Technologies•added 2026/05/13 12:0 a.m.•11 views

PT-2026-44988

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0 Description When the server parses an incoming request, it applies percent-decoding to every header value except Location and Referer. Because the validity check is field value is performed before decoding,...

9.9CVSS5.8AI score0.00254EPSS

Exploits1References16

Positive Technologies•added 2026/05/12 12:0 a.m.•12 views

PT-2026-44975

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.43.4 Description A flaw exists in the way the library handles chunked Transfer-Encoding. The read payload function in httplib.h uses std::strtoul to parse the chunk-size field. Because std::strtoul accepts leadi...

7.8CVSS5.8AI score0.00283EPSS

Exploits1References7

Debian•added 2026/04/22 1:4 p.m.•3 views

[SECURITY] [DSA 6228-1] cpp-httplib security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6228-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff April 22, 2026 https://www.debian.org/security/faq -...

7.5CVSS7.1AI score0.00603EPSS

Exploits2

Tenable Nessus•added 2026/04/22 12:0 a.m.•2 views

Debian dsa-6228 : libcpp-httplib-dev - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6228 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6228-1 [email protected] https://www.debian.org/securit...

7.5CVSS5.9AI score0.00603EPSS

Exploits2References6

OSV•added 2026/04/18 12:0 a.m.•1 views

OPENSUSE-SU-2026:10573-1 cpp-httplib-devel-0.42.0-1.1 on GA media

These are all security issues fixed in the cpp-httplib-devel-0.42.0-1.1 package on the GA media of openSUSE Tumbleweed...

7.4CVSS5.8AI score0.00262EPSS

Exploits2References2

OSV•added 2026/04/11 2:4 p.m.•2 views

OESA-2026-1870 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored...

OSV•added 2026/04/11 2:4 p.m.•3 views

OESA-2026-1869 cpp-httplib security update

OSV•added 2026/04/11 2:4 p.m.•2 views

OESA-2026-1868 cpp-httplib security update

OSV•added 2026/04/11 2:4 p.m.•4 views

OESA-2026-1867 cpp-httplib security update