openSUSE 2026-0174-1 cpp-httplib Important Denial of Service

May 22, 2026
An openSUSE advisory covering security fixes for cpp-httplib addressing multiple vulnerabilities. Updates recommended.
An update that fixes 5 vulnerabilities is now available.

Description

This update for cpp-httplib fixes the following issues:

- CVE-2026-21428: Fixed a server-side request forgery via header injection (boo#1255835)
- CVE-2026-22776: Fixed unsafe handling of compressed HTTP request that could cause a denial of service (boo#1256518)
- CVE-2026-28434: Fixed that the default exception handler could leak e.what() to clients via EXCEPTION_WHAT response header (boo#1259221)
- CVE-2026-28435: Fixed a payload size limit bypass via gzip decompression in ContentReader (streaming) that could lead to denial of service (boo#1259220)
- CVE-2026-29076: Fixed denial of service via crafted HTTP POST request (boo#1259373)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-174=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

cpp-httplib-devel-0.20.1-bp157.2.6.1

libcpp-httplib0_20-0.20.1-bp157.2.6.1

References

https://www.suse.com/security/cve/CVE-2026-21428.html

https://www.suse.com/security/cve/CVE-2026-22776.html

https://www.suse.com/security/cve/CVE-2026-28434.html

https://www.suse.com/security/cve/CVE-2026-28435.html

https://www.suse.com/security/cve/CVE-2026-29076.html

https://bugzilla.suse.com/1255835

https://bugzilla.suse.com/1256518

https://bugzilla.suse.com/1259220

https://bugzilla.suse.com/1259221

https://bugzilla.suse.com/1259373

Severity
important

Announcement ID: openSUSE-SU-2026:0174-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7
