HTTP Request Smuggling - Vulnerability

Threat entity extracted from intelligence sources

Frequency
6
occurrences
First Seen
December 4, 2025
Last Seen
June 27, 2026

HTTP Request Smuggling is a vulnerability tracked across 5 threat clusters and 6 intelligence report mentions on ThreatCluster. First observed December 4, 2025; most recent activity June 27, 2026.

Overview

HTTP Request Smuggling (HRS) is a class of vulnerabilities where crafted HTTP requests exploit desync between front-end proxies (like CDNs or load balancers) and back-end origin servers, potentially bypassing security controls, causing cache poisoning, or enabling unauthorized access. In the reported case, Akamai patched an HRS flaw in its Edge Servers, underscoring the ongoing risk to edge deployments and the need for prompt patching.

Related Threat Clusters

Recent Intelligence Reports

  • Fedora 44 tinyproxy Important HTTP Request Smuggling Fixes 2026 — Linuxsecurity · June 27, 2026
  • Fedora 43 tinyproxy Important HTTP Request Smuggling Fix 2026 — Linuxsecurity · June 27, 2026
  • Mageia 9 perl-Starman Important HTTP Request Smuggling MGASA-2026 — Linuxsecurity · May 7, 2026
  • Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 – James Kettle – ASW #380 — Scworld · April 28, 2026
  • Fixing request smuggling vulnerabilities in Pingora OSS deployments — Blog.Cloudflare · March 9, 2026
  • Akamai Patches HTTP Request Smuggling Vulnerability in Edge Servers — Cybersecuritynews · December 4, 2025

CVSS v3.1 Breakdown