PT-2026-44991 · Unknown · Cpp-Httplib

CVE-2026-46527

·

Published

2026-05-29

·

Updated

2026-06-11

CVSS v4.0

8.7

High

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0
Description A denial of service occurs when the server uses the set trusted proxies() function with a non-empty trusted-proxy list. An attacker can send an HTTP request containing an X-Forwarded-For header with a value that parses to no valid IP segments. This triggers the get client ip() function to call front() on an empty std::vector, resulting in undefined behavior in C++ that typically leads to abnormal process termination.
Recommendations Update to version 0.44.0.

Exploit

Fix

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46527
GHSA-HG3G-VRG8-578G
OPENSUSE-SU-2026:10994-1

Affected Products

Cpp-Httplib