CVE-2026-22776
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.
Analysis
cpp-httplib versions prior to 0.30.1 are vulnerable to denial of service attacks due to insufficient validation of decompressed HTTP request body sizes. An unauthenticated remote attacker can send a malicious gzip or brotli-compressed request that decompresses to an arbitrarily large payload in memory, exhausting server resources. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.
Sign in for detailed remediation steps.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today