Critical Denial of Service Vulnerabilities in cpp-httplib Affect Fedora Users

Critical Denial of Service Vulnerabilities in cpp-httplib Affect Fedora Users

First seen 21 Mar 2026, 05:41 UTC Linuxsecurity 97% similarity 72.6

Article Content

Browse articles
ThreatCluster

Recent updates to the cpp-httplib library in Fedora address multiple critical Denial of Service (DoS) vulnerabilities. The vulnerabilities include CVE-2026-29076, which allows DoS via crafted HTTP POST requests, and CVE-2026-31870, which exploits malformed Content-Length headers. These vulnerabilities affect users of Fedora 43 and 44 who utilize the cpp-httplib library for HTTP/HTTPS operations. The updates also address issues related to payload size limit bypass and exception handling that could leak sensitive information. The patches were released on March 9, 2026, for version 0.37.0 and on March 11, 2026, for version 0.37.1. Users are urged to update their libraries to mitigate these risks. The vulnerabilities have been confirmed and are considered critical due to their potential impact on system availability and security.

Key Points: • Multiple critical DoS vulnerabilities in cpp-httplib affect Fedora users. • CVE-2026-29076 and CVE-2026-31870 are among the vulnerabilities addressed. • Users are advised to update to the latest library versions to mitigate risks.

ThreatCluster AI

Timeline

2026-03-04
CVE-2026-28434 and CVE-2026-28435 published
2026-03-07
CVE-2026-29076 published
2026-03-09
Update to cpp-httplib 0.37.0 released
2026-03-11
CVE-2026-31870 published
2026-03-11
Update to cpp-httplib 0.37.1 released

Community

Browse all →