CVE-2026-54919 in cpp-httplibالمعلومات

الملخص

بحسب MITRE • 10/07/2026

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In affected Mbed TLS backend versions from 0.31.0 through 0.46.1 and wolfSSL backend versions from 0.33.0 through 0.46.1, when cpp-httplib is built with CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT and a client connects to an IP-literal host with server certificate verification enabled, SSLClient and Client in HTTPS mode skip certificate chain validation and WebSocketClient on the Mbed TLS backend skips verification altogether, allowing a man-in-the-middle attacker positioned to intercept traffic to present a crafted certificate and read or modify the traffic. This issue is fixed in version 0.47.0.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

GitHub M

حجز

16/06/2026

إفشاء

10/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377541

EPSS

0.00000

KEV

لا

النشاطات

منخفض جدًا

المصادر

Interested in the pricing of exploits?

See the underground prices here!