Critical Security Flaws in cpp-httplib Affect Fedora Systems

First seen 3 Jul 2026, 09:25 UTC. Sources: Linuxsecurity, fedoraproject.org

Fedora has released an update for cpp-httplib that addresses multiple critical vulnerabilities. The update includes fixes for CVE-2026-46527, CVE-2026-45372, and CVE-2026-45352, which involve denial of service and arbitrary code execution through improper HTTP header processing. The vulnerabilities affect Fedora 43 and 44, and exploitation could lead to significant disruption. The update also includes an IP-host certificate identity fix, which ensures that IP-literal hosts are authenticated correctly and hardens verification against the previous fallback mechanisms. Users are advised to upgrade to version 0.48.0 immediately to mitigate the risk. The vulnerabilities were disclosed in late May 2026, and patches are available through the dnf update program.

Key Points:
• Fedora's cpp-httplib update addresses critical vulnerabilities including DoS and code execution.
• Affected CVEs include CVE-2026-46527, CVE-2026-45372, and CVE-2026-45352.
• Users must upgrade to version 0.48.0 to protect against these vulnerabilities.

ThreatCluster AI

Timeline

• 2026-03-27: CVE-2026-33745 published. Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)
• 2026-03-31: CVE-2026-34441 published. Vulnerability assigned a CVE identifier and published in the National Vulnerability Database. (Source: MITRE)
• 2026-05-29: CVE-2026-46527 published. Denial of Service vulnerability via malformed X-Forwarded-For header disclosed. (Source: Linuxsecurity)
• 2026-05-29: CVE-2026-45372 published. Arbitrary code execution vulnerability due to improper HTTP header processing disclosed. (Source: Linuxsecurity)
• 2026-05-29: CVE-2026-45352 published. Denial of Service vulnerability due to unbounded memory allocation disclosed. (Source: Linuxsecurity)
• 2026-07-03: Fedora releases cpp-httplib update. Update to version 0.48.0 released to address multiple critical vulnerabilities. (Source: Linuxsecurity)