SAP Memory Pipes (MPI) Desynchronization

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This...

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

CVE-2026-58055

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

EUVD-2026-39975

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

CVE-2026-58055 nghttp2 nghttpx - HTTP Request/Response Smuggling via Upgrade Request with Content-Length

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting...

EUVD-2026-31690

Hackney has CRLF / header injection in WebSocket upgrade request...

EUVD-2026-37798

PHP Standard Library: HTTP/2 server-side missing content-length validation enables request smuggling...

CVE-2026-48743

Envoy (open source edge/service proxy) contains a HTTP/3 to HTTP/1 request smuggling vulnerability prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1. A downstream HTTP/3 request that is complete at the transport layer with a nonzero Content-Length can be mistranslated into a complete upstream...

PT-2026-52885

Name of the Vulnerable Software and Affected Versions Envoy versions 1.34.0 through 1.35.12 Envoy versions 1.36.0 through 1.36.8 Envoy versions 1.37.0 through 1.37.4 Envoy versions 1.38.0 through 1.38.2 Description The PROXY Protocol v2 header generator emits Type-Length-Values TLVs that exceed t...

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by HTTP request smuggling (CVE-2026-11541)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling. Vulnerability Details CVEID:CVE-2026-11541 DESCRIPTION: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by an...

JLSEC-2026-618 HTTP/1 request smuggling via bare-LF, lenient chunk size, and TE/CL handling in HTTP.jl server

Description The HTTP/1 server request parser had three framing primitives that could make HTTP.jl disagree with a fronting proxy about message boundaries on a reused keep-alive connection. 1 readlinecrlf tolerated a bare LF on its buffered fast path but required CRLF on the slow path, so the...

JLSEC-2026-616 HTTP/1 client request smuggling via CR/LF in method, target, or host in HTTP.jl

Description The HTTP/1 client serialized request.method and request.target and, in forward-proxy absolute-form, the host verbatim onto the wire with no CR/LF/CTL filtering; the only target validator was wired solely into the server parse path. A caller passing an attacker-influenced URL or method...

JLSEC-2026-623 Insufficient HTTP/2 pseudo-header and Host/:authority validation in HTTP.jl server

Description The HTTP/2 server's request validator passed only :method, :path, and :authority through a normalizer that rejects CR/LF/CTL but permits SP/HTAB and applies no host or token grammar. As a result a :method such as "GET /admin?x=" was accepted, :path could carry interior whitespace, and...

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVE-2026-8646

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

EUVD-2026-38251

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

CVE-2026-8646 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities

IBM WebSphere Application Server 9.0 and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to HTTP request smuggling. A remote attacker could smuggle a specially crafted request to the application server thereby allowing the attacker to bypass security...

CVE-2026-8646

Summary: CVE-2026-8646 affects IBM WebSphere Application Server (traditional), WebSphere Application Server Liberty, and related components. The vulnerability arises from HTTP request smuggling, allowing a remote attacker to bypass security controls, spoof identity, and potentially escalate privi...