CVE-2026-54388 Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can...

Security Bulletin: Multiple Vulnerabilities in IBM Bob

Summary Multiple vulnerabilities were addressed in IBM Bob V 1.0.3 Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype...

Security Bulletin: Erlang OTP inets httpd Vulnerable to HTTP Request Smuggling via Duplicate Content-Length Headers

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

CLSA-2026-1778756991 libsoup: Fix of CVE-2026-2708

CVE-2026-2708: reject duplicate Content-Length headers with different values to prevent HTTP request smuggling per RFC 9110 section 7.7...

CVE-2026-39805

A flaw was found in Bandit, an HTTP server. This vulnerability allows for HTTP request smuggling due to the server's inconsistent handling of duplicate Content-Length headers in HTTP requests. An unauthenticated attacker can exploit this by sending a specially crafted request. If Bandit is...

Security Bulletin: Erlang OTP inets httpd HTTP Request Smuggling via Duplicate Content-Length Handling

Summary Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in Erlang OTP inets httpd module allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/httpserver/httpdrequest.erl and program routines httpdrequest:parseheaders/...

EUVD-2026-26712

Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate Content-Length header...

GHSA-C67R-GC9J-2QF7 Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header

Summary Bandit is vulnerable to CL.CL HTTP request smuggling: it silently accepts requests with two Content-Length headers whose values differ, takes the first value, and dispatches the body bytes as a second pipelined request on the same keep-alive connection. RFC 9110 §5.3 prohibits multiple...

RHCOS : OpenShift Container Platform 4.8.25 (RHSA-2021:5208)

The remote Red Hat Enterprise Linux CoreOS host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:5208 advisory. - haproxy: does not ensure that the scheme and path portions of a URI have the expected characters CVE-2021-39240 - haproxy: an HTTP...

CVE-2026-39805

Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a request...

CVE-2026-39805

CVE-2026-39805 describes an HTTP request smuggling flaw in Elixir Bandit (bandit) due to Bandit.Headers:get_content_length/1 using List.keyfind/3. If a request carries two Content-Length headers with different values, Bandit may read the body using the first value and dispatch the remaining bytes...

EEF-CVE-2026-39805 CL.CL HTTP request smuggling via duplicate Content-Length in bandit

Summary Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':getcontentlength/1 in lib/bandit/headers.ex uses List.keyfind/3, which returns only the first matching header. When a...

PT-2026-36541

Name of the Vulnerable Software and Affected Versions bandit versions prior to 1.11.0 Description Inconsistent interpretation of HTTP requests allows HTTP request smuggling via duplicate Content-Length headers. The function get content length in Elixir.Bandit.Headers uses List.keyfind/3, which on...

CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers

A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soupmessageheadersappendcommon function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker...

CVE-2026-2708

CVE-2026-2708 affects the Libsoup HTTP/1 parser. The soup_message_headers_append_common() function unconditionally appends header values without validating for duplicate or conflicting Content-Length fields, enabling HTTP request smuggling via multiple Content-Length headers with differing values...

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

RockyLinux 10 : nodejs22 (RLSA-2026:7080)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7080 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers

A flaw was found in undici, a Node.js HTTP/1.1 client. A remote attacker could exploit this vulnerability by sending HTTP/1.1 requests that include duplicate Content-Length headers with different casing e.g., "Content-Length" and "content-length". This can lead to HTTP Request Smuggling, a...