What is CVE-2026-45300?

CVE-2026-45300 is a high-severity vulnerability, classified under Information Disclosure. CVSS score: 7.4/10. Published 2026-06-05.

How severe is CVE-2026-45300?

High severity. CVSS v3 base score is 7.4 out of 10.

CVE-2026-45300

CVE-2026-45300

The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch prior to 3.0.10 leak `Cookie` headers to cr…

Vulnerability class: Information Disclosure

CVSS v3 metric

CVSS v3 base score 7.4 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N.

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-45300?: CVE-2026-45300 is a high-severity vulnerability, classified under Information Disclosure. CVSS score: 7.4/10. Published 2026-06-05.
How severe is CVE-2026-45300?: High severity. CVSS v3 base score is 7.4 out of 10.