Skip to main content

Cpp Httplib CVE-2023-26130

HIGH
Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
2023-05-30 report@snyk.io
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 30, 2023 - 05:15 nvd
HIGH 8.8

DescriptionNVD

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due to an incomplete fix for CVE-2020-11709.

AnalysisAI

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-93. Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due to an incomplete fix for CVE-2020-11709. Affected products include: Cpp-Httplib Project Cpp-Httplib. Version information: before 0.12.4.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-66570 CRITICAL POC
10.0 Dec 05

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allow

CVE-2025-53628 HIGH POC
8.8 Jul 10

CVE-2025-53628 is a memory exhaustion vulnerability in cpp-httplib versions prior to 0.20.1 that allows unauthenticated

CVE-2025-46728 HIGH POC
7.5 May 06

cpp-httplib is a C++ header-only HTTP/HTTPS server and client library. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2025-52887 HIGH POC
7.5 Jun 26

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http head

CVE-2025-53629 HIGH POC
7.5 Jul 10

CVE-2025-53629 is a Denial of Service vulnerability in cpp-httplib versions prior to 0.23.0 that allows unauthenticated

CVE-2026-22776 HIGH POC
7.5 Jan 12

cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decom

CVE-2026-28435 HIGH POC
7.5 Mar 04

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 7.5 HIGH]

CVE-2026-21428 HIGH POC
7.5 Jan 01

Cpp-Httplib versions up to 0.30.0 contains a vulnerability that allows attackers to add extra headers, modify request bo

CVE-2020-11709 HIGH POC
7.5 Apr 12

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, whic

CVE-2026-29076 MEDIUM POC
5.9 Mar 07

Remote denial of service in cpp-httplib prior to version 0.37.0 allows unauthenticated attackers to crash server process

CVE-2025-66577 MEDIUM POC
5.3 Dec 05

A security vulnerability in cpp-httplib (CVSS 5.3) that allows attacker-controlled http headers. Risk factors: public Po

CVE-2026-28434 MEDIUM POC
5.3 Mar 04

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. [CVSS 5.3 MEDIUM]

Share

CVE-2023-26130 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy