PT-2026-25380 · Unknown · Cpp-Httplib

0X3Xploit · Published 2026-01-01 · Updated 2026-03-26 · CVE-2026-32627

CVSS v3.1: 8.7 High

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

cpp-httplib versions prior to 0.37.2

Description

cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. When a cpp-httplib client is configured with a proxy and set_follow_location(true), HTTPS redirects can silently disable TLS certificate and hostname verification on the new connection. The client will accept any certificate presented by the redirect target—expired, self-signed, or forged—without raising an error or notifying the application. A network attacker positioned to return a redirect response can intercept the subsequent HTTPS connection, potentially exposing credentials or session tokens.

Recommendations

Update cpp-httplib to version 0.37.2 or later.

Exploit

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

BDU:2026-04696
CVE-2026-32627
GHSA-C3H8-FQQ4-XM4G
OESA-2026-1637
OESA-2026-1638
OESA-2026-1639
OESA-2026-1640
OPENSUSE-SU-2026:10435-1

Affected Products

Cpp-Httplib