What is CVE-2026-29076?

CVE-2026-29076 is a medium-severity vulnerability in Yhirose Cpp-httplib, classified under Uncontrolled Recursion. CVSS score: 5.9/10. Published 2026-03-07.

How severe is CVE-2026-29076?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Yhirose Cpp-httplib

CVE-2026-29076

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The reg…

EPSS: 0.001 (23.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Yhirose Cpp-httplib — versions < 0.37.0

Weakness classification (CWE)

References

https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69 (x_refsource_CONFIRM)
https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6 (x_refsource_MISC)
https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-29076?: CVE-2026-29076 is a medium-severity vulnerability in Yhirose Cpp-httplib, classified under Uncontrolled Recursion. CVSS score: 5.9/10. Published 2026-03-07.
How severe is CVE-2026-29076?: Medium severity. CVSS v3 base score is 5.9 out of 10.