SUSE Package Hub - SUSE-PackageHub-16.0-724

Update Info

SUSE-PackageHub-16.0-724

Security update for cpp-httplib

Type: security

Severity: important

Issued: 2026-05-08

Description:

This update for cpp-httplib fixes the following issues

- CVE-2026-21428: server-side request forgery via header injection (bsc#1255835).
- CVE-2026-22776: unsafe handling of compressed HTTP request can cause a denial of service (bsc#1256518).
- CVE-2026-28434: default exception handler may leak e.what() to clients via EXCEPTION_WHAT response header
  (bsc#1259221).
- CVE-2026-28435: payload size limit bypass via gzip decompression in ContentReader (streaming) can lead to denial of
  service (bsc#1259220).
- CVE-2026-29076: denial of service via crafted HTTP POST request (bsc#1259373).

References

CVE: CVE-2026-29076
CVE: CVE-2026-28435
CVE: CVE-2026-28434
CVE: CVE-2026-22776
CVE: CVE-2026-21428
Bugzilla: 1259373 VUL-0: CVE-2026-29076: cpp-httplib: denial of service via crafted HTTP POST request
Bugzilla: 1259221 VUL-0: CVE-2026-28434: cpp-httplib: default exception handler may leak e.what() to clients via EXCEPTION_WHAT response header
Bugzilla: 1259220 VUL-0: CVE-2026-28435: cpp-httplib: payload size limit bypass via gzip decompression in ContentReader (streaming) can lead to denial of service
Bugzilla: 1256518 VUL-0: CVE-2026-22776: cpp-httplib: unsafe handling of compressed HTTP request can cause a denial of service
Bugzilla: 1255835 VUL-0: CVE-2026-21428: cpp-httplib: server-side request forgery via header injection

Packages

cpp-httplib-0.22.0-160000.5.1