CVE-2025-41082

2026-01-26 [email protected]

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
CVE Published
Jan 26, 2026 - 10:16 nvd
N/A

Tags

Code Injection

Description

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

Analysis

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers.

Technical Context

Classified as CWE-444 (HTTP Request/Response Smuggling). Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

Affected Products

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a s

Remediation

Monitor vendor advisories for a patch.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2025-41082 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy