PT-2026-23867 · Unknown · Cpp-Httplib

Diabl0-Sec · Published 2026-03-07 · Updated 2026-03-26 · CVE-2026-29076

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: cpp-httplib versions prior to 0.37.0

Description: The software uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. A crafted filename* parameter can cause uncontrolled stack growth through deep recursion in the regex engine, leading to a stack overflow and a crash of the server process. The issue occurs when processing HTTP POST requests that carry a specially crafted filename* parameter in the Content-Disposition header.

Recommendations: Update to version 0.37.0 or later.
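
For code that parses the same RFC 5987 ext-value syntax, the sketch below is an added example (not cpp-httplib's fix and not code from this advisory) of a single-pass parser whose stack use does not depend on input length. The names `ExtValue` and `parse_ext_value` and the 1024-byte default limit are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <optional>
#include <string>
#include <string_view>

// Hypothetical names for illustration; not cpp-httplib's API.
struct ExtValue { std::string charset, language, value; };  // value is percent-decoded

static int hex_val(unsigned char c) {
  if (c >= '0' && c <= '9') return c - '0';
  c = static_cast<unsigned char>(std::tolower(c));
  return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// RFC 5987 attr-char: characters allowed unescaped in value-chars.
static bool is_attr_char(unsigned char c) {
  return std::isalnum(c) != 0 ||
         std::string_view("!#$&+-.^_`|~").find(static_cast<char>(c)) != std::string_view::npos;
}

// Parses  charset "'" [language] "'" value-chars  in one forward pass.
// No regex and no recursion, so stack depth is constant for any input.
// max_len (assumed limit) rejects oversized parameters before any work is done.
std::optional<ExtValue> parse_ext_value(std::string_view in, std::size_t max_len = 1024) {
  if (in.size() > max_len) return std::nullopt;
  const auto q1 = in.find('\'');
  if (q1 == std::string_view::npos || q1 == 0) return std::nullopt;  // charset is required
  const auto q2 = in.find('\'', q1 + 1);
  if (q2 == std::string_view::npos) return std::nullopt;

  ExtValue out{std::string(in.substr(0, q1)), std::string(in.substr(q1 + 1, q2 - q1 - 1)), {}};
  for (std::size_t i = q2 + 1; i < in.size(); ++i) {
    const unsigned char c = static_cast<unsigned char>(in[i]);
    if (c == '%') {
      if (i + 2 >= in.size()) return std::nullopt;  // truncated escape
      const int hi = hex_val(in[i + 1]), lo = hex_val(in[i + 2]);
      if (hi < 0 || lo < 0) return std::nullopt;    // non-hex digit
      out.value.push_back(static_cast<char>(hi * 16 + lo));
      i += 2;
    } else if (is_attr_char(c)) {
      out.value.push_back(static_cast<char>(c));
    } else {
      return std::nullopt;  // anything else must be percent-encoded
    }
  }
  return out;
}
```

The parser returns raw decoded bytes and does not validate the charset token or convert encodings; callers still need to sanitize the resulting filename before using it on disk.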

Exploit · Fix · DoS · Uncontrolled Recursion


Weakness Enumeration

Related Identifiers

CVE-2026-29076
GHSA-QQ6V-R583-3H69
OESA-2026-1552
OESA-2026-1553
OESA-2026-1554
OESA-2026-1555
OPENSUSE-SU-2026:10435-1
OPENSUSE-SU-2026:20733-1
SUSE-SU-2026:21599-1

Affected Products

Cpp-Httplib