CVE-2026-22776

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.30.1

Description A potential denial of service (DoS) condition exists in cpp-httplib due to the way it handles compressed HTTP request bodies, specifically those using gzip or br compression. The library checks the payload max length against the compressed data size received, but does not limit the size of the decompressed data stored in memory. This can lead to excessive memory consumption and potentially cause a DoS.

Recommendations Update cpp-httplib to version 0.30.1 or later.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-409

Related Identifiers

CVE-2026-22776

GHSA-H934-98H4-J43Q

OPENSUSE-SU-2026:10435-1

OPENSUSE-SU-2026:20733-1

SUSE-SU-2026:21599-1

Affected Products

Cpp-Httplib

CVE-2026-22776

Weakness Enumeration

Related Identifiers

Affected Products

References · 18