CWE-444— Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.— MITRE CWE catalog
344 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-444page 6 of 7
- CVE-2025-14523HIGHCVSS 8.2EG 8.22025-12-11
A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost con…
- CVE-2025-1867CRITICALCVSS 10.0EG 10.02025-03-03
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.
- CVE-2025-23167MEDIUMCVSS 6.5EG 6.52025-05-19
A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and…
- CVE-2025-29904MEDIUMCVSS 5.3EG 5.32025-03-12
In JetBrains Ktor before 3.1.1 an HTTP Request Smuggling was possible
- CVE-2025-30346MEDIUMCVSS 5.4EG 5.42025-03-21
Varnish Cache before 7.6.2 and Varnish Enterprise before 6.0.13r10 allow client-side desync via HTTP/1 requests.
- CVE-2025-3110HIGHCVSS 7.5EG 7.52026-07-08
OpenVPN Access Server 2.7.2 through 3.1.0 accepts bare line-feed sequences inside HTTP header values, allowing remote attackers to perform HTTP request smuggling when deployed behind a reverse proxy
- CVE-2025-31137HIGHCVSS 7.5EG 7.52025-04-01
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this v…
- CVE-2025-31958LOWCVSS 3.7EG 3.72026-04-21
HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsing. HTTP Smuggling exploits inconsiste…
- CVE-2025-32094MEDIUMCVSS 4.0EG 4.02025-08-07
An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding…
- CVE-2025-41082MEDIUMCVSS 6.9EG 6.92026-01-26
Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchroniza…
- CVE-2025-41235HIGHCVSS 8.6EG 8.62025-05-30
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
- CVE-2025-4366MEDIUMCVSS 6.1EG 6.12025-05-22
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and po…
- CVE-2025-43859CRITICALCVSS 9.1EG 9.12025-04-24
h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has be…
- CVE-2025-4600HIGHCVSS 7.5EG 7.52025-05-16
A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that could be misinterpreted by backend ser…
- CVE-2025-47905MEDIUMCVSS 5.4EG 5.42025-05-13
Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.
- CVE-2025-49005LOWCVSS 3.7EG 3.72025-07-03
Next.js is a React framework for building full-stack web applications. In Next.js App Router from 15.3.0 to before 15.3.3 and Vercel CLI from 41.4.1 to 42.2.0, a cache poisoning vulnerability was found. The issue allowed page requests for …
- CVE-2025-49826HIGHCVSS 7.5EG 7.52025-07-03
Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact c…
- CVE-2025-52892MEDIUMCVSS 4.5EG 4.52025-08-05
EspoCRM is a web application with a frontend designed as a single-page application and a REST API backend written in PHP. In versions 9.1.6 and below, if a user loads Espo in the browser with double slashes (e.g https://domain//#Admin) and…
- CVE-2025-53628HIGHCVSS 8.8EG 8.82025-07-10
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore this to allocate memory arbitrarily. This vulnerabili…
- CVE-2025-53643HIGHCVSS 7.5EG 7.52025-07-14
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pur…
- CVE-2025-54142MEDIUMCVSS 4.0EG 4.02025-08-29
Akamai Ghost before 2025-07-21 allows HTTP Request Smuggling via an OPTIONS request that has an entity body, because there can be a subsequent request within the persistent connection between an Akamai proxy server and an origin server, if…
- CVE-2025-55018MEDIUMCVSS 5.8EG 5.82026-02-10
An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3 through 6.4.16 may allow an…
- CVE-2025-55315CRITICALCVSS 9.9EG 9.92025-10-14
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
- CVE-2025-56266CRITICALCVSS 9.8EG 9.82025-09-08
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
- CVE-2025-58056HIGHCVSS 7.5EG 7.52025-09-03
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts s…
- CVE-2025-58068CRITICALCVSS 9.1EG 9.12025-08-29
Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers …
- CVE-2025-59822HIGHCVSS 7.5EG 7.52025-09-23
Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enab…
- CVE-2025-61258HIGHCVSS 7.5EG 7.52025-12-09
Outsystems Platform Server 11.18.1.37828 allows attackers to cause a denial of service via a crafted content-length value mismatching the body length. NOTE: the Supplier indicates that they are unable to reproduce this.
- CVE-2025-61884HIGHCVSS 7.5EG 9.0⚠ KEV2025-10-12
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network ac…
- CVE-2025-6442MEDIUMCVSS 5.9EG 5.92025-06-25
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed …
- CVE-2025-65114HIGHCVSS 7.5EG 7.52026-04-02
Apache Traffic Server allows request smuggling if chunked messages are malformed. This issue affects Apache Traffic Server: from 9.0.0 through 9.2.12, from 10.0.0 through 10.1.1. Users are recommended to upgrade to version 9.2.13 or 10…
- CVE-2025-66373MEDIUMCVSS 4.8EG 4.82025-12-04
Akamai Ghost on Akamai CDN edge servers before 2025-11-17 has a chunked request body processing error that can result in HTTP request smuggling. When Akamai Ghost receives an invalid chunked body that includes a chunk size different from t…
- CVE-2025-69224MEDIUMCVSS 6.5EG 6.52026-01-05
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of…
- CVE-2025-69225MEDIUMCVSS 5.3EG 5.32026-01-06
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the po…
- CVE-2025-6999MEDIUMCVSS 6.9EG 6.92025-09-15
An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This iss…
- CVE-2026-1002MEDIUMCVSS 5.3EG 5.32026-01-15
The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5…
- CVE-2026-11541CRITICALCVSS 9.8EG 7.42026-06-30
IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability.
- CVE-2026-11806HIGHCVSS 7.5EG 7.22026-06-30
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 is affected by an arbitrary file read vulnerability with the restConnector-2.0 feature enabled.
- CVE-2026-13762CRITICALCVSS 9.8EG 9.82026-06-29
Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so t…
- CVE-2026-13763CRITICALCVSS 9.8EG 9.82026-06-29
Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across…
- CVE-2026-1491MEDIUMCVSS 5.3EG 5.32026-04-01
IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Ve…
- CVE-2026-1760MEDIUMCVSS 5.3EG 5.32026-02-02
A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client ca…
- CVE-2026-1801MEDIUMCVSS 5.3EG 5.32026-02-03
A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in the soup_filter_input_stream_read_line() logic, where libsoup accepts malformed chunk headers, s…
- CVE-2026-20069MEDIUMCVSS 4.3EG 4.32026-03-04
A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browse…
- CVE-2026-2332CRITICALCVSS 9.1EG 7.42026-04-14
In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funky-chunks.html * https://w4ke.info/20…
- CVE-2026-23527HIGHCVSS 8.9EG 8.92026-01-15
H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict case-sensitive check for the Transfer-Encoding header. It…
- CVE-2026-23941CRITICALCVSS 9.4EG 9.42026-03-13
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program files lib/inets/src/http_server/httpd_re…
- CVE-2026-24880HIGHCVSS 7.5EG 7.52026-04-09
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52,…
- CVE-2026-26365MEDIUMCVSS 4.0EG 4.02026-02-23
Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with inval…
- CVE-2026-2708LOWCVSS 3.7EG 3.72026-04-23
A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplica…
Map vulnerabilities like CWE-444 to your infrastructure
EchelonGraph correlates every CVE — across CWE-444 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →