SUSE Package Hub - openSUSE-2026-174

Update Info

openSUSE-2026-174

Security update for cpp-httplib

Type: security

Severity: important

Issued: 2026-05-21

Description:

This update for cpp-httplib fixes the following issues:

- CVE-2026-21428: Fixed a server-side request forgery via header injection (boo#1255835)
- CVE-2026-22776: Fixed unsafe handling of compressed HTTP request that could cause a denial of service (boo#1256518)
- CVE-2026-28434: Fixed that the default exception handler could leak e.what() to clients via EXCEPTION_WHAT response header (boo#1259221)
- CVE-2026-28435: Fixed a payload size limit bypass via gzip decompression in ContentReader (streaming) that could lead to denial of service (boo#1259220)
- CVE-2026-29076: Fixed denial of service via crafted HTTP POST request (boo#1259373)

References

CVE: CVE-2026-29076
CVE: CVE-2026-28435
CVE: CVE-2026-28434
CVE: CVE-2026-22776
CVE: CVE-2026-21428
Bugzilla: 1259373 VUL-0: CVE-2026-29076: cpp-httplib: denial of service via crafted HTTP POST request
Bugzilla: 1259221 VUL-0: CVE-2026-28434: cpp-httplib: default exception handler may leak e.what() to clients via EXCEPTION_WHAT response header
Bugzilla: 1259220 VUL-0: CVE-2026-28435: cpp-httplib: payload size limit bypass via gzip decompression in ContentReader (streaming) can lead to denial of service
Bugzilla: 1256518 VUL-0: CVE-2026-22776: cpp-httplib: unsafe handling of compressed HTTP request can cause a denial of service
Bugzilla: 1255835 VUL-0: CVE-2026-21428: cpp-httplib: server-side request forgery via header injection

Packages

cpp-httplib-0.20.1-bp157.2.6.1