PT-2026-54842 · Apache · Httpcomponents Core

Henry Huang

·

Published

2026-07-01

·

Updated

2026-07-01

·

CVE-2026-54399

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions Apache HttpComponents Core versions prior to 5.4.3 Apache HttpComponents Core versions prior to 5.5-beta2
Description An uncontrolled resource consumption issue exists in the HTTP/1.1 message parser. A remote attacker can trigger a denial of service via memory exhaustion by sending messages containing an excessive number of headers or excessive header length.
Recommendations Update Apache HttpComponents Core to version 5.4.3 or later. Update Apache HttpComponents Core to version 5.5-beta2 or later.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-54399

Affected Products

Httpcomponents Core