Threat Entry Updated 2026-01-15

CVE-2026-22776 - Cpp Httplib Plugin

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

PLUGIN Cpp Httplib

CVE-2026-22776

HIGH CVSS 8.7 2026-01-12

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2026-01-06

CVE-2026-21428 - Cpp Httplib Plugin

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to escape header lines. This vulnerability allows attackers to add extra headers, modify request body unexpectedly & trigger an SSRF attack. When combined with a server that supports http1.1 pipelining (springboot, python twisted etc), this can be used for server side request forgery (SSRF). Version 0.30.0 fixes this issue.

PLUGIN Cpp Httplib

CVE-2026-21428

HIGH CVSS 7.7 2026-01-01

Risk Score

Open Full Technical Breakdown