Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

315 vulnerabilities with CWE-444

CVE-2026-39805 MEDIUM

CL.CL HTTP request smuggling via duplicate Content-Length in bandit

CVE-2026-40560 HIGH

Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

CVE-2026-41873 CRITICAL

Pony Mail: Admin account takeover via request smuggling

CVE-2026-2708 LOW

Libsoup: libsoup: http request smuggling via duplicate content-length headers

CVE-2026-2332 HIGH

HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

CVE-2026-40175 MEDIUM

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

CVE-2026-24880 HIGH

Apache Tomcat: Request smuggling via invalid chunk extension

CVE-2026-31842 HIGH

Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling

CVE-2026-34525 MEDIUM

AIOHTTP: Duplicate Host header accepted

CVE-2026-2862 MEDIUM

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CVE-2026-1491 MEDIUM

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CVE-2026-34441 MEDIUM

cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

CVE-2026-33870 HIGH

Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

CVE-2026-28369 HIGH

Undertow: undertow: request smuggling via malformed http request headers

CVE-2026-28368 HIGH

Undertow: undertow: request smuggling via inconsistent header parsing

CVE-2026-28367 HIGH

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

CVE-2026-4742 LOW

HTTP Request Smuggling in visualfc/liteide

CVE-2026-29057 MEDIUM

Next.js: HTTP request smuggling in rewrites

CVE-2026-23941 HIGH

Erlang OTP inets httpd - HTTP Request Smuggling

CVE-2026-32240 MEDIUM

Cap'n Proto <1.4.0 - HTTP Smuggling

CVE-2026-32239 MEDIUM

Cap'n Proto has an integer overflow in KJ-HTTP

CVE-2026-1525 MEDIUM

Undici - HTTP Request Smuggling

CVE-2026-28497 CRITICAL

TinyWeb <2.03 - HTTP Request Smuggling

CVE-2026-2835 CRITICAL

Pingora - HTTP Request Smuggling

CVE-2026-2833 CRITICAL

Pingora - HTTP Request Smuggling

Page 1 of 13 Next

Details

Vulnerabilities 315

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy