CVE-2026-32627 in cpp-httplib
Summary
by MITRE • 03/16/2026
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and hostname verification silently disabled on the new connection. The client will accept any certificate presented by the redirect target — expired, self-signed, or forged — without raising an error or notifying the application. A network attacker in a position to return a redirect response can fully intercept the follow-up HTTPS connection, including any credentials or session tokens in flight. This vulnerability is fixed in 0.37.2.
Analysis
by VulDB Data Team • 03/21/2026
The vulnerability identified as CVE-2026-32627 affects the cpp-httplib C++ HTTP/HTTPS library, specifically versions prior to 0.37.2. This library is widely used for building cross-platform HTTP applications in C++11 environments and is notable for its single-file header-only implementation, which simplifies integration into existing projects. The flaw manifests when a client application configures a proxy and enables automatic redirect following by calling set_follow_location(true); in that configuration, TLS certificate and hostname verification are silently disabled on the HTTPS redirects the client follows.
The technical flaw resides in the library's handling of HTTPS redirects when proxy configuration is active. During the redirect process, the library silently disables TLS certificate verification and hostname checking for the new connection, effectively removing critical security controls that protect against man-in-the-middle attacks. This behavior violates the core principles of secure communication and creates a trust boundary violation where the application accepts any certificate regardless of validity, expiration status, or authenticity. The vulnerability operates at the protocol level, specifically targeting the TLS handshake process where certificate validation should occur, making it particularly dangerous as it bypasses the entire certificate validation infrastructure that modern security protocols rely upon.
The operational impact of this vulnerability is severe and directly enables sophisticated attack vectors that could compromise sensitive data transmission. Network attackers positioned to intercept traffic can exploit this weakness by crafting redirect responses that point to malicious servers, allowing them to fully intercept and manipulate HTTPS connections without detection. This includes the potential theft of authentication credentials, session tokens, personal data, and other sensitive information transmitted over the intercepted connection. The vulnerability essentially provides attackers with a backdoor that allows them to establish secure-looking connections while actually communicating with compromised endpoints, making detection extremely difficult. This weakness particularly affects applications that rely on automatic redirect following and proxy configurations, which are common in enterprise and web application environments.
Mitigation strategies for CVE-2026-32627 focus primarily on immediate version upgrades to 0.37.2 or later, which contains the necessary fixes to properly maintain TLS verification during redirect operations. Organizations should conduct comprehensive vulnerability assessments to identify all applications using affected versions of cpp-httplib and prioritize their remediation. Additionally, security teams should implement network monitoring to detect unusual redirect patterns that might indicate exploitation attempts. The vulnerability aligns with CWE-295, which addresses improper certificate validation, and maps to ATT&CK technique T1571 for "Modify System Image" and T1041 for "Exfiltration Over C2 Channel", as attackers can leverage this weakness to establish covert communication channels. Organizations should also consider implementing additional security controls such as network segmentation, proxy server hardening, and regular security scanning of third-party dependencies to prevent similar vulnerabilities from affecting their systems.
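One way to carry out the inventory step described above, as an added example that is not code from VulDB or the cpp-httplib project: a source-tree audit that flags vendored copies of the header older than 0.37.2 and checks whether the same tree also configures a proxy and enables redirect following. It assumes the header is vendored as `httplib.h` and carries the library's `CPPHTTPLIB_VERSION` macro, and that proxies are set through the library's `set_proxy` call (not named on this page); the sample tree is constructed.

```python
import re
from pathlib import Path

FIXED = (0, 37, 2)  # first fixed release, per the advisory text
VERSION_RE = re.compile(r'#\s*define\s+CPPHTTPLIB_VERSION\s+"(\d+)\.(\d+)\.(\d+)"')
FOLLOW_RE = re.compile(r"\bset_follow_location\s*\(\s*true\s*\)")
PROXY_RE = re.compile(r"\bset_proxy\s*\(")
SOURCE_EXTS = {".h", ".hh", ".hpp", ".c", ".cc", ".cpp", ".cxx"}

def header_version(text):
    """Return the vendored library version as an int tuple, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(part) for part in m.groups()) if m else None

def audit(files):
    """files maps path -> source text. Heuristic: matches literal calls only."""
    old_headers, proxy_files, follow_files = {}, [], []
    for name, text in sorted(files.items()):
        if Path(name).name == "httplib.h":
            version = header_version(text)
            if version is None:
                old_headers[name] = "unknown"  # no version macro: review by hand
            elif version < FIXED:
                old_headers[name] = ".".join(map(str, version))
            continue  # the header defines these setters; it is not a caller
        if PROXY_RE.search(text):
            proxy_files.append(name)
        if FOLLOW_RE.search(text):
            follow_files.append(name)
    # "exposed" means all three preconditions from the advisory occur in the tree.
    exposed = bool(old_headers and proxy_files and follow_files)
    return {"old_headers": old_headers, "proxy_files": proxy_files,
            "follow_files": follow_files, "exposed": exposed}

def load_tree(root):
    """Read C/C++ sources under root into the mapping audit() expects."""
    return {str(p): p.read_text(errors="replace")
            for p in Path(root).rglob("*") if p.is_file() and p.suffix in SOURCE_EXTS}

# Constructed sample tree (not taken from any real project).
SAMPLE = {
    "third_party/httplib.h": '#define CPPHTTPLIB_VERSION "0.37.1"\n',
    "src/fetch.cpp": 'httplib::Client cli("https://api.example.test");\n'
                     'cli.set_proxy("proxy.example.test", 3128);\n'
                     "cli.set_follow_location(true);\n",
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run it against a real checkout with `audit(load_tree("path/to/repo"))`. An old header is worth upgrading even when `exposed` is false, since the flag can be passed as a variable or set in code the scan does not see.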