Critical Vulnerability in cpp-httplib Affects Ubuntu Users

A significant vulnerability has been identified in cpp-httplib, a C++ header-only HTTP/HTTPS library, affecting multiple Ubuntu versions. The flaw allows remote attackers to inject crafted header content by exploiting improper percent-decoding of HTTP request header values. This could lead to serious issues such as response splitting, log injection, or proxy smuggling. The affected versions include libcpp-httplib-dev and libcpp-httplib across Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Users are advised to update their systems to the latest package versions to mitigate the risk. The vulnerability has been assigned the identifier USN-8470-1, and it is crucial for users to apply the necessary updates promptly. A standard system update will address this issue for most users.

Key Points: • cpp-httplib vulnerability allows remote header injection attacks. • Affected Ubuntu versions include 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. • Users are urged to update to the latest package versions to mitigate risks.