ID:12701 - Exploit for CRLF injection in Cpp-httplib - CVE-2026-45372
Published: May 13, 2026
Cpp-httplib
Vulnerability description
The vulnerability allows a remote attacker to inject CRLF sequences into stored HTTP header values.
The vulnerability exists due to improper neutralization of CRLF sequences in the server-side parse_header function when parsing percent-encoded header values in incoming requests. A remote attacker can send a specially crafted request with encoded CRLF sequences to inject CRLF sequences into stored HTTP header values.
The issue can lead to inconsistent interpretation of header values by downstream application components, including response handling, logging, and proxying logic.
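A defensive check for the failure mode described above, as an added example: it is not cpp-httplib code and not the project's fix. All function names are hypothetical and the sample values are constructed. It validates the percent-decoded bytes of a header value, the form that would be stored, and rejects any value containing CR, LF or NUL.

```cpp
// Added example, not cpp-httplib code. All function names are hypothetical.
#include <cctype>
#include <iostream>
#include <string>

// Value of one hex digit, or -1 if c is not a hex digit.
static int hex_val(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
  return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Decode %XX escapes once; malformed escapes are copied through unchanged.
std::string percent_decode(const std::string &in) {
  std::string out;
  for (std::size_t i = 0; i < in.size(); ++i) {
    if (in[i] == '%' && i + 2 < in.size()) {
      int hi = hex_val(in[i + 1]), lo = hex_val(in[i + 2]);
      if (hi >= 0 && lo >= 0) {
        out.push_back(static_cast<char>(hi * 16 + lo));
        i += 2;
        continue;
      }
    }
    out.push_back(in[i]);
  }
  return out;
}

// True if v contains CR, LF or NUL, which must never appear inside a
// single stored header value.
bool has_line_breaking_bytes(const std::string &v) {
  return v.find_first_of(std::string("\r\n\0", 3)) != std::string::npos;
}

// Validate the bytes that will actually be stored: the decoded form.
// A check on the raw value alone does not see percent-encoded CR/LF.
bool is_safe_header_value(const std::string &raw) {
  return !has_line_breaking_bytes(raw) &&
         !has_line_breaking_bytes(percent_decode(raw));
}

int main() {
  // Constructed sample values, not taken from any real request.
  const char *samples[] = {"en-US%2Cen", "a%0d%0aX-Constructed: 1", "a%0Ab"};
  for (const char *s : samples)
    std::cout << s << " -> " << (is_safe_header_value(s) ? "store" : "reject") << "\n";
}
```

Components that log or forward stored header values can apply the same `has_line_breaking_bytes` check at their own boundary, so a value that slipped past parsing is still caught before it is written out.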