Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-444

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Parent: CWE-436 - Interpretation Conflict

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

334 vulnerabilities with CWE-444

CVE-2026-24880 HIGH

Apache Tomcat: Request smuggling via invalid chunk extension

CVE-2026-31842 HIGH

Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling

CVE-2026-34525 MEDIUM

AIOHTTP: Duplicate Host header accepted

CVE-2026-2862 MEDIUM

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CVE-2026-1491 MEDIUM

Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

CVE-2026-34441 MEDIUM

cpp-httplib: HTTP Request Smuggling via Unconsumed GET Request Body

CVE-2026-33870 HIGH

Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing

CVE-2026-28369 HIGH

Undertow: undertow: request smuggling via malformed http request headers

CVE-2026-28368 HIGH

Undertow: undertow: request smuggling via inconsistent header parsing

CVE-2026-28367 HIGH

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

CVE-2026-4742 LOW

HTTP Request Smuggling in visualfc/liteide

CVE-2026-29057 MEDIUM

Next.js: HTTP request smuggling in rewrites

CVE-2026-23941 CRITICAL

Erlang OTP inets httpd - HTTP Request Smuggling

CVE-2026-32240 MEDIUM

Cap'n Proto <1.4.0 - HTTP Smuggling

CVE-2026-32239 MEDIUM

Cap'n Proto <1.4.0 KJ-HTTP - Content-Length Integer Overflow

CVE-2026-1525 MEDIUM

Undici < 6.24.0 - HTTP Request Smuggling via Duplicate Content-Length Headers

CVE-2026-28497 CRITICAL

TinyWeb <2.03 - HTTP Request Smuggling

CVE-2026-2835 CRITICAL

Pingora < 0.8.0 - HTTP Request Smuggling via HTTP/1.0 Transfer-Encoding Handling

CVE-2026-2833 CRITICAL

Pingora < 0.8.0 - HTTP Request Smuggling via Upgrade Header Handling

CVE-2026-20069 MEDIUM

Cisco Secure Firewall ASA and FTD - HTTP Request Smuggling via VPN Web Services

CVE-2026-26365 MEDIUM

Akamai Ghost - HTTP Request Smuggling

CVE-2026-1801 MEDIUM

libsoup - HTTP Request Smuggling Information Disclosure

CVE-2026-1760 MEDIUM

SoupServer - HTTP Request Smuggling

CVE-2026-1002 MEDIUM

Eclipse Vert.x Web - Static File Access Denial via URI Path Manipulation

CVE-2026-23527 HIGH

h3 < 1.15.5 - HTTP Request Smuggling via Transfer-Encoding Header Case Mismatch

Previous Page 2 of 14 Next

Details

Vulnerabilities 334

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy