CNNVD-202601-017 Information

CNNVD ID

CNNVD-202601-017

Related CVE

CVE-2026-21428

• CNNVD Published: 2026-01-01

Description (Chinese)

cpp-httplib是yhirose个人开发者的一款使用C++语言编写的HTTP/HTTPS服务器和客户端库。 cpp-httplib 0.30.0之前版本存在注入漏洞，该漏洞源于未检查用户提供标头中的CR和LF字符，可能导致添加额外标头、修改请求主体和触发服务端请求伪造攻击。

Description (English)

cpp-httplib is a HTTP/HTTPS server and client library prepared in the C++ language by yhirose personal developers. cpp-httplib 0.30.0 has an injection loophole that results from failure to check the user ’ s availability of CR and LF characters in the header, which may lead to the addition of additional headers, modification of the subject of the request and the trigger service requesting a false attack.

Hazard Level

High

Vulnerability Type

注入

Affected Vendor

个人开发者

Published

2026-01-01

Last Modified

2026-02-24

References

https://github.com/yhirose/cpp-

Patch

https://github.com/yhirose/cpp-httplib/releases