HIGH🇬🇧 English

CVE-2026-32627

CVSS 8.7v3.1pub. 2026-03-16upd. 2026-03-17

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new connection. The client will accept any certificate presented by the redirect target — expired, self-signed, or forged — without raising an error or notifying the application. A network attacker in a position to return a redirect response can fully intercept the follow-up HTTPS connection, including any credentials or session tokens in flight. This vulnerability is fixed in 0.37.2.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Yhirose Cpp Httplib

    APP
    Yhirose
    < 0.37.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-45372CRITICAL9.9PL ✓ten sam produkt

cpp-httplib: HTTP response splitting poprzez header injection (CRLF injection)

CVE-2025-66570CRITICAL10.0PL ✓ten sam produkt

cpp-httplib: spoofing nagłówków HTTP umożliwia bypass autoryzacji i zatrucie logów

CVE-2026-46527HIGH8.7ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, When the se...

CVE-2026-33745HIGH7.4ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-htt...

CVE-2026-31870HIGH7.5ten sam produkt

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-...