CVE-2026-26365

Name of the Vulnerable Software and Affected Versions Akamai versions prior to 2026-02-06

Description The software mishandles processing of custom hop-by-hop HTTP headers. An incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could lead to HTTP request smuggling, potentially causing the origin server to parse the request body incorrectly.

Recommendations Update to a version released on or after 2026-02-06.