HTTP Request Smuggling is a vulnerability tracked across 5 threat clusters and 6 intelligence report mentions on ThreatCluster. First observed December 4, 2025; most recent activity June 27, 2026.
HTTP Request Smuggling (HRS) is a class of vulnerabilities where crafted HTTP requests exploit desync between front-end proxies (like CDNs or load balancers) and back-end origin servers, potentially bypassing security controls, causing cache poisoning, or enabling unauthorized access. In the reported case, Akamai patched an HRS flaw in its Edge Servers, underscoring the ongoing risk to edge deployments and the need for prompt patching.
A critical vulnerability has been identified in Starman versions prior to 0.4018, allowing HTTP Request Smuggling due to improper header precedence. The issue arises when both 'Content-Length' and 'Transfer-Encoding:…
On June 18, 2026, Fedora released updates for tinyproxy addressing two critical HTTP Request Smuggling vulnerabilities, CVE-2026-54387 and CVE-2026-54388, both published on June 17, 2026. These vulnerabilities affect…
Cloudflare identified and patched HTTP/1.x request smuggling vulnerabilities in the Pingora open source framework. These vulnerabilities, reported through their Bug Bounty Program, are tracked as CVE-2026-2833,…
James Kettle from PortSwigger discusses the top web hacking techniques of 2025 and anticipates the influence of large language models (LLMs) on future vulnerabilities. He emphasizes the importance of having a robust…
Akamai has patched a critical HTTP request smuggling vulnerability affecting its edge servers. This flaw could potentially allow attackers to manipulate requests and bypass security measures. Users of Akamai's edge…