Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

INFO

Published Date :

2026-01-12T18:18:01.527Z

Last Modified :

2026-01-12T18:49:59.317Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-22776 vulnerability.

Vendors Products
Yhirose
  • Cpp-httplib
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22776.

URL Resource
https://github.com/yhirose/cpp-httplib/commit/2e2e47bab1ae6a853476eecbc4bf279dd1fef792 cve-icon cve-icon
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h934-98h4-j43q cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability