Gbhackers
Cloudflare Pingora Vulnerabilities Enable Request Smuggling Attacks
First seen 10 Mar 2026, 09:40 UTC
•

•80% similarity
•45.9
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Cloudflare identified and patched HTTP/1.x request smuggling vulnerabilities in the Pingora open source framework. These vulnerabilities, reported through their Bug Bounty Program, are tracked as CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, all published on March 4, 2026. The vulnerabilities could potentially allow attackers to exploit the system if not addressed.
ThreatCluster AI
Timeline
2025-12-01
Reports of vulnerabilities in Pingora received
2026-03-04
CVE-2026-2833, CVE-2026-2835, CVE-2026-2836 published
2026-03-09
Cloudflare announces patch for Pingora vulnerabilities
2026-03-10
GBHackers publishes article on Pingora flaws