Cloudflare Pingora Vulnerabilities Enable Request Smuggling Attacks

Cloudflare Pingora Vulnerabilities Enable Request Smuggling Attacks

First seen 10 Mar 2026, 09:40 UTC Blog.CloudflareGbhackersCybersecuritynews 80% similarity 45.9

Article Content

Browse articles
ThreatCluster

Cloudflare identified and patched HTTP/1.x request smuggling vulnerabilities in the Pingora open source framework. These vulnerabilities, reported through their Bug Bounty Program, are tracked as CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836, all published on March 4, 2026. The vulnerabilities could potentially allow attackers to exploit the system if not addressed.

ThreatCluster AI

Timeline

2025-12-01
Reports of vulnerabilities in Pingora received
2026-03-04
CVE-2026-2833, CVE-2026-2835, CVE-2026-2836 published
2026-03-09
Cloudflare announces patch for Pingora vulnerabilities
2026-03-10
GBHackers publishes article on Pingora flaws

Community

Browse all →