What is CVE-2026-3945?

CVE-2026-3945 is a high-severity vulnerability in Tinyproxy, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2026-03-30.

How severe is CVE-2026-3945?

High severity. CVSS v3 base score is 7.5 out of 10.

Integer overflow in Tinyproxy

CVE-2026-3945

An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk siz…

Vulnerability class: Integer Overflow

EPSS: 0.001 (21.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Tinyproxy — versions <=1.11.3

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

github.com/tinyproxy/tinyproxy/issues/602 (issue-tracking, technical-description)
github.com/tinyproxy/tinyproxy/pull/603 (patch)
github.com/tinyproxy/tinyproxy/commit/969852c (patch)
github.com/tinyproxy/tinyproxy/commit/bb7edc4 (patch)
github.com/tinyproxy/tinyproxy/releases (release-notes)

Frequently asked questions

What is CVE-2026-3945?: CVE-2026-3945 is a high-severity vulnerability in Tinyproxy, classified under Integer Overflow or Wraparound. CVSS score: 7.5/10. Published 2026-03-30.
How severe is CVE-2026-3945?: High severity. CVSS v3 base score is 7.5 out of 10.