cpp-httplib Critical Header Parsing Vulnerability (CVE-2026-45372) TheHackerWire / 17h The vulnerability allows an attacker to inject literal carriage return and newline () byte pairs into stored HTTP header values due to incorrect handling of percent-encoded input, potentially leading to various HTTP-level attacks. Specifically, versions prior to 0.44.0 exhibit a logic flaw where percent-decoding is applied to nearly all header values after a crucial validity check.