Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Fedora 43: cpp-httplib Critical DOS and HTTP Header Issues 2026-e50e41fcea

fedora
Calendar Grey January 22, 2026
Dist Fedora Esm H88
Critical update for cpp-httplib on Fedora 43 addressing multiple security issues such as denial of service and header injections.
Update to 0.30.1 Denial of service (DOS) using zip bomb (CVE-2026-22776) CRLF injection in http headers (CVE-2026-21428) Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP T...

Summary

A C++11 single-file header-only cross platform HTTP/HTTPS library.

It's extremely easy to setup. Just include the httplib.h file in your code!

Update Information:

Update to 0.30.1 Denial of service (DOS) using zip bomb (CVE-2026-22776) CRLF injection in http headers (CVE-2026-21428) Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust (CVE-2025-66577) https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.1

Topics%20covered

Topics Covered

security advisory fedora update denial service http header trusted headers

Change Log

* Tue Jan 13 2026 Petr Men\u0161k - 0.30.1-5 - Switch to GCC 15 test fix with active PR * Tue Jan 13 2026 Petr Men\u0161k - 0.30.1-4 - Drop 32 bit support like upstream did * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-3 - fixup! Fix tests in last release * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-2 - Fix tests in last release * Mon Jan 12 2026 Petr Men\u0161k - 0.30.1-1 - Update to 0.30.1 (rhbz#2406686) * Sat Aug 30 2025 Orion Poplawski - 0.26.0-1 - Update to 0.26.0 (CVE-2025-53629)

References


[ 1 ] Bug #2338561 - cpp-httplib-0.26.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2338561 [ 2 ] Bug #2419549 - CVE-2025-66570 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2419549 [ 3 ] Bug #2419632 - CVE-2025-66577 cpp-httplib: cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2419632 [ 4 ] Bug #2426700 - CVE-2026-21428 cpp-httplib: cpp-httplib: Server-Side Request Forgery via header injection [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2426700 [ 5 ] Bug #2428894 - CVE-2026-22776 cpp-httplib: cpp-httplib: Denial of Service due to excessive memory usage from compressed HTTP request bodies [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2428894

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e50e41fcea' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: cpp-httplib
Product: Fedora 43
Version: 0.30.1
Release: 5.fc43
URL: https://github.com/yhirose/cpp-httplib
Summary: A C++11 single-file header-only cross platform HTTP/HTTPS library

Topics%20covered

Topics Covered

security advisory fedora update denial service http header trusted headers

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here