CVE-2026-40561

Source
https://cve.org/CVERecord?id=CVE-2026-40561
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40561.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-40561
Downstream
Published
2026-05-03T00:57:31.519Z
Modified
2026-07-08T08:12:34.487963527Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence
Details

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.

Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.

An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40561.json",
    "cwe_ids": [
        "CWE-444"
    ],
    "cna_assigner": "CPANSec"
}
References

Affected packages

Git / github.com/kazuho/starlet

Affected ranges

Type
GIT
Repo
https://github.com/kazuho/starlet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:kazuho:starlet:*:*:*:*:*:perl:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.31"
        }
    ]
}

Affected versions

0.*
0.01
0.04
0.05
0.07
0.08
0.10
0.11
0.12
0.13
0.14
0.15
0.16
0.17_01
0.18
0.20
0.21
0.22
0.23
0.24
0.25
0.26
0.27_01
0.28
0.29
0.30
0.31

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40561.json"