Description

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body bytes remain on the TCP stream and are interpreted as the start of a new HTTP request. An attacker can embed an arbitrary HTTP request inside the body of a GET request, which the server processes as a separate request. This issue has been patched in version 0.40.0.

INFO

Published Date :

2026-03-31T21:21:33.197Z

Last Modified :

2026-04-01T15:53:07.782Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34441 vulnerability.

Vendors Products
Yhirose
  • Cpp-httplib
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34441.

URL Resource
https://github.com/yhirose/cpp-httplib/releases/tag/v0.40.0 cve-icon cve-icon
https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-jv63-rm9j-6jwc cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact