Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message directly into the HTTP response as a header named EXCEPTION_WHAT. This header is sent to whoever made the request, with no authentication check and no special configuration required to trigger it. The behavior is on by default. A developer who does not know to opt in to set_exception_handler() will ship a server that leaks internal exception messages to any client. This vulnerability is fixed in 0.35.0.

INFO

Published Date :

2026-03-04T19:34:30.486Z

Last Modified :

2026-03-04T20:55:40.320Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-28434 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-28434.

URL Resource
https://github.com/yhirose/cpp-httplib/commit/defd907c7469c5c8281247b73bbd07be24c31164 cve-icon cve-icon
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-8mpw-r4gc-xm7q cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact