OESA-2026-1870
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-1870
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-1870.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-1870
- Upstream
- Published
- 2026-04-11T14:04:52Z
- Modified
- 2026-04-11T14:17:35.651650Z
- Summary
- cpp-httplib security update
- Details
-
A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code!
Security Fix(es):
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A malicious or compromised server can redirect the client to an attacker-controlled host, which then receives the plaintext credentials in the
Authorizationheader. Version 0.39.0 fixes the issue.(CVE-2026-33745)cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.40.0, cpp-httplib is vulnerable to HTTP Request Smuggling. The server's static file handler serves GET responses without consuming the request body. On HTTP/1.1 keep-alive connections, the unread body bytes remain on the TCP stream and are interpreted as the start of a new HTTP request. An attacker can embed an arbitrary HTTP request inside the body of a GET request, which the server processes as a separate request. This issue has been patched in version 0.40.0.(CVE-2026-34441)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:24.03-LTS-SP3 / cpp-httplib
Package
- Name
- cpp-httplib
- Purl
- pkg:rpm/openEuler/cpp-httplib&distro=openEuler-24.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.40.0-1.oe2403sp3
Ecosystem specific
{
"src": [
"cpp-httplib-0.40.0-1.oe2403sp3.src.rpm"
],
"aarch64": [
"cpp-httplib-0.40.0-1.oe2403sp3.aarch64.rpm",
"cpp-httplib-debuginfo-0.40.0-1.oe2403sp3.aarch64.rpm",
"cpp-httplib-debugsource-0.40.0-1.oe2403sp3.aarch64.rpm",
"cpp-httplib-devel-0.40.0-1.oe2403sp3.aarch64.rpm"
],
"x86_64": [
"cpp-httplib-0.40.0-1.oe2403sp3.x86_64.rpm",
"cpp-httplib-debuginfo-0.40.0-1.oe2403sp3.x86_64.rpm",
"cpp-httplib-debugsource-0.40.0-1.oe2403sp3.x86_64.rpm",
"cpp-httplib-devel-0.40.0-1.oe2403sp3.x86_64.rpm"
]
}