{“lastseen”:””,”description”:”cpp-httplib is a C++11 single-file header-only cross platform HTTP\/HTTPS library. Prior to version 0.30.0, the “write_headers“ function does not check for CR \\u0026 LF characters in user supplied headers, allowing untrusted header value to escape header lines.\\nThis vulnerability allows attackers to add extra headers, modify request body unexpectedly \\u0026 trigger an SSRF attack. When combined with a server that supports http1.1 pipelining (springboot, python twisted etc), this can be used for server side request forgery (SSRF). Version 0.30.0 fixes this issue.”,”published”:”2026-01-01T17:54:43.959Z”,”modified”:”2026-01-01T17:54:43.959Z”,”type”:”cve”,”title”:”cpp-httplib has CRLF injection in http headers”,”source”:”GitHub_M”,”references”:”https:\/\/github.com\/yhirose\/cpp-httplib\/security\/advisories\/GHSA-wpc6-j37r-jcx7\\nhttps:\/\/github.com\/yhirose\/cpp-httplib\/commit\/98048a033a532ff22320ce1d11789f8d5710dfcd\\nhttps:\/\/github.com\/yhirose\/cpp-httplib\/releases\/tag\/v0.30.0″,”id”:”CVE-2026-21428″,”bulletinFamily”:””,”cwe”:[“CWE-93″],”cvelist”:null,”sourceData”:”yhirose cpp-httplib \\u003c 0.30.0″,”sourceHref”:””,”cvss”:{“score”:7.7,”severity”:”HIGH”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:N\/VI:H\/VA:N\/SC:N\/SI:N\/SA:N\/E:P”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”cpp-httplib”,”version”:”\\u003c 0.30.0″,”vendor”:”yhirose”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”cpp-httplib is a C++11 single-file header-only cross platform HTTP\/HTTPS library. Prior to version 0.30.0, the “write_headers“ function does not check for CR \\u0026 LF characters…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,87,12,15,13,7,11,5],"class_list":["post-33661","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-77","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n