Vulnerability in Yhirose Cpp-httplib

CVE-2026-21428

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied headers, allowing untrusted header value to es…

Vulnerability class: CRLF Injection

EPSS: 0.000 (3.3th percentile) — read the EPSS interpretation.

Affected products

Yhirose Cpp-httplib — versions < 0.30.0

Weakness classification (CWE)

CWE-93 — CRLF Injection

References

https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-wpc6-j37r-jcx7 (x_refsource_CONFIRM)
https://github.com/yhirose/cpp-httplib/commit/98048a033a532ff22320ce1d11789f8d5710dfcd (x_refsource_MISC)
https://github.com/yhirose/cpp-httplib/releases/tag/v0.30.0 (x_refsource_MISC)