CVE-2026-40561

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions Starlet versions prior to 0.32

Description Starlet for Perl allows HTTP Request Smuggling due to improper header precedence. The software incorrectly prioritizes the Content-Length header over Transfer-Encoding: chunked when both are present in an HTTP request, which contradicts RFC 7230 3.3.3. This behavior allows an attacker to smuggle malicious HTTP requests through a front-end reverse proxy.

Recommendations Update to version 0.32 or later.

HTTP Request/Response Smuggling

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-444

Related Identifiers

CVE-2026-40561

Affected Products

Starlet

CVE-2026-40561

Weakness Enumeration

Related Identifiers

Affected Products

References · 7