CVE-2026-46527

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.44.0

Description A denial of service occurs when the server uses the set trusted proxies() function with a non-empty trusted-proxy list. An attacker can send an HTTP request containing an X-Forwarded-For header with a value that parses to no valid IP segments. This triggers the get client ip() function to call front() on an empty std::vector, resulting in undefined behavior in C++ that typically leads to abnormal process termination.

Recommendations Update to version 0.44.0.