CWE-444 — Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
316 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-444 (page 6 of 7)
- CVE-2025-1867 | CRITICAL | CVSS 10.0 | EG 0.0 | 2025-03-03
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling. This issue affects libhv: through 1.3.3.
- CVE-2025-23167 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-05-19
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and…
- CVE-2025-29904 | MEDIUM | CVSS 5.3 | EG 5.3 | 2025-03-12
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
- CVE-2025-30346 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-03-21
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
- CVE-2025-31137 | HIGH | CVSS 7.5 | EG 7.5 | 2025-04-01
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this v…
- CVE-2025-31958 | LOW | CVSS 3.7 | EG 3.7 | 2026-04-21
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsiste…
- CVE-2025-32094 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-08-07
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding…
- CVE-2025-41082 | MEDIUM | CVSS 6.9 | EG 0.0 | 2026-01-26
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchroniza…
- CVE-2025-41235 | HIGH | CVSS 8.6 | EG 8.6 | 2025-05-30
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
- CVE-2025-4366 | MEDIUM | CVSS 6.1 | EG 6.1 | 2025-05-22
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and po…
- CVE-2025-43859 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-04-24
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has be…
- CVE-2025-4600 | HIGH | CVSS 7.5 | EG 7.5 | 2025-05-16
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend ser…
- CVE-2025-47905 | MEDIUM | CVSS 5.4 | EG 5.4 | 2025-05-13
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
- CVE-2025-49005 | LOW | CVSS 3.7 | EG 3.7 | 2025-07-03
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for …
- CVE-2025-49826 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-03
Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact c…
- CVE-2025-52892 | MEDIUM | CVSS 4.5 | EG 4.5 | 2025-08-05
EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and…
- CVE-2025-53628 | HIGH | CVSS 8.8 | EG 8.8 | 2025-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerabili…
- CVE-2025-53643 | HIGH | CVSS 7.5 | EG 7.5 | 2025-07-14
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pur…
- CVE-2025-54142 | MEDIUM | CVSS 4.0 | EG 4.0 | 2025-08-29
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if…
- CVE-2025-55018 | MEDIUM | CVSS 5.8 | EG 5.8 | 2026-02-10
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an…
- CVE-2025-55315 | CRITICAL | CVSS 9.9 | EG 9.9 | 2025-10-14
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-56266 | CRITICAL | CVSS 9.8 | EG 9.8 | 2025-09-08
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
- CVE-2025-58056 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-03
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts s…
- CVE-2025-58068 | CRITICAL | CVSS 9.1 | EG 9.1 | 2025-08-29
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers …
- CVE-2025-59822 | HIGH | CVSS 7.5 | EG 7.5 | 2025-09-23
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enab…
- CVE-2025-61258 | HIGH | CVSS 7.5 | EG 7.5 | 2025-12-09
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this.
- CVE-2025-61884 | HIGH | CVSS 7.5 | EG 9.0 | ⚠ KEV | 2025-10-12
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
- CVE-2025-6442 | MEDIUM | CVSS 5.9 | EG 5.9 | 2025-06-25
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed …
- CVE-2025-65114 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-02
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10…
- CVE-2025-66373 | MEDIUM | CVSS 4.8 | EG 4.8 | 2025-12-04
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from t…
- CVE-2025-69224 | MEDIUM | CVSS 6.5 | EG 6.5 | 2026-01-05
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of…
- CVE-2025-69225 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-06
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the po…
- CVE-2025-6999 | MEDIUM | CVSS 6.9 | EG 0.0 | 2025-09-15
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack. This iss…
- CVE-2026-1002 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-01-15
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5…
- CVE-2026-1491 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-01
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Ve…
- CVE-2026-1760 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-02-02
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client ca…
- CVE-2026-1801 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-02-03
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, s…
- CVE-2026-20069 | MEDIUM | CVSS 4.3 | EG 4.3 | 2026-03-04
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browse…
- CVE-2026-2332 | HIGH | CVSS 7.4 | EG 7.4 | 2026-04-14
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/20…
- CVE-2026-23527 | HIGH | CVSS 8.9 | EG 8.9 | 2026-01-15
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It…
- CVE-2026-23941 | CRITICAL | CVSS 9.4 | EG 0.0 | 2026-03-13
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_re…
- CVE-2026-24880 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-09
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52,…
- CVE-2026-2708 | LOW | CVSS 3.7 | EG 3.7 | 2026-04-23
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplica…
- CVE-2026-2862 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-01
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Ve…
- CVE-2026-31842 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-07
Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value…
- CVE-2026-34525 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-04-01
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.
- CVE-2026-39805 | MEDIUM | CVSS 6.3 | EG 6.3 | 2026-05-01
Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/bandit/headers.ex uses List.keyfind/3, wh…
- CVE-2026-40175 | MEDIUM | CVSS 4.8 | EG 4.8 | 2026-04-10
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject…
- CVE-2026-40560 | HIGH | CVSS 7.5 | EG 7.5 | 2026-04-29
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per…
- CVE-2026-40561 | MEDIUM | CVSS 5.3 | EG 5.3 | 2026-05-03
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per …