PT-2026-29793 · Apache · Apache Traffic Server
Katsutoshi Ikenoya
·
Published
2026-04-02
·
Updated
2026-05-22
·
CVE-2025-65114
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Traffic Server versions 9.0.0 through 9.2.12 and 10.0.0 through 10.1.1
Description
Apache Traffic Server is susceptible to request smuggling when handling malformed chunked messages. This can potentially lead to various security issues.
Recommendations
Upgrade to version 9.2.13 or 10.1.2.
Fix
HTTP Request/Response Smuggling
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Traffic Server