Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AV:N and PR:N confirmed by advisory; I:L added because misdirected request forwarding constitutes integrity impact beyond confidentiality alone.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsing raw HTTP request messages and when deriving a server request URI from server variables. An attacker can provide a malformed Host header containing URI authority delimiters, such as trusted.example@evil.example. When the Host value is used to construct a URI, the malformed value can be reinterpreted as URI userinfo and host. This can cause the PSR-7 request URI host to differ from the original Host header value. Applications are affected if they parse attacker-controlled raw HTTP requests with GuzzleHttp\Psr7\Message::parseRequest() or the legacy 1.x GuzzleHttp\Psr7\parse_request() function, or if they build server requests from attacker-controlled server variables, then rely on the resulting URI host for routing, allow-list checks, or forwarding decisions. In affected forwarding or gateway scenarios, this may cause requests or credentials to be sent to an unintended host. The issue is patched in 2.10.2. 1.x is end-of-life and will not receive a patch. Some workarounds are available. Validate the Host header as uri-host [ ":" port ] before calling Message::parseRequest() or legacy parse_request() on untrusted HTTP request data, or before deriving routing and forwarding decisions from a parsed request URI. Reject Host values containing userinfo, path, query, or fragment delimiters.
AnalysisAI
Host confusion in guzzlehttp/psr7 (all versions prior to 2.10.2) allows unauthenticated network attackers to supply a malformed Host header - such as trusted.example@evil.example - causing the library's URI construction logic to reinterpret the value as URI userinfo and a different host, silently replacing the parsed URI host with the attacker-controlled domain. Applications that rely on the resulting PSR-7 URI host for routing, allow-list enforcement, or forwarding decisions are at risk of sending requests and credentials to unintended destinations. No public exploit has been identified at time of analysis and no CISA KEV listing exists, but the conditional impact on forwarding gateways and API proxies built on psr7's server-request parsing functions is concrete.
Technical ContextAI
guzzlehttp/psr7 is a PHP implementation of the PSR-7 HTTP message interface, widely used both as a standalone library and as the transport layer of the Guzzle HTTP client. The vulnerability (CWE-20: Improper Input Validation) lies in the library's inbound request construction path: when building a URI from a Host header or $_SERVER variable, the library passes the raw Host value to its RFC 3986 URI parser without first validating it against the narrower RFC 7230 uri-host [ ':' port ] grammar. The RFC 3986 parser correctly interprets @ as the userinfo/host delimiter, so trusted.example@evil.example yields a URI whose getHost() returns evil.example - diverging from the original header value. Affected code paths include GuzzleHttp\Psr7\Message::parseRequest(), the legacy 1.x GuzzleHttp\Psr7\parse_request(), GuzzleHttp\Psr7\ServerRequest::fromGlobals(), and GuzzleHttp\Psr7\ServerRequest::getUriFromGlobals(). The outbound Guzzle HTTP client API is explicitly confirmed unaffected. The affected CPE is cpe:2.3:a:guzzle:psr7:*:*:*:*:*:*:*:* for all versions below 2.10.2.
RemediationAI
Vendor-released patch: 2.10.2. Upgrade via Composer to guzzlehttp/psr7 version 2.10.2 or later (composer require guzzlehttp/psr7:^2.10.2); the advisory is at https://github.com/guzzle/psr7/security/advisories/GHSA-34xg-wgjx-8xph. For applications that cannot upgrade immediately, validate Host header values before passing untrusted request data to Message::parseRequest(), parse_request(), ServerRequest::fromGlobals(), or ServerRequest::getUriFromGlobals(): accept only values matching uri-host [ ':' port ] and reject any value containing @, /, \, ?, #, whitespace, control characters, malformed IP literals, or invalid port syntax. Critically, do NOT validate Host by prepending http:// and calling parse_url(), as this reintroduces the exact same authority reinterpretation flaw. Applications pinned to the 1.x EOL branch have no vendor patch available and must either migrate to 2.x or implement Host header validation at the application or reverse-proxy layer as a compensating control.
CRLF injection in guzzlehttp/psr7 versions prior to 2.10.2 allows remote unauthenticated attackers to inject arbitrary H
Host validation bypass in guzzlehttp/psr7 before 2.12.3 enables URI authority confusion attacks against PHP applications
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36239
GHSA-34xg-wgjx-8xph