CWE-444 · Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)

349 CVEs classified under CWE-444 (Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)). Browse by severity and year.

Top CVEs for CWE-444
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-22536 | Critical | 10.0 | 2022-02-09 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for… |
| CVE-2018-3907 | Critical | 10.0 | 2018-08-24 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The v… |
| CVE-2026-45372 | Critical | 9.9 | 2026-05-29 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it app… |
| CVE-2025-55315 | Critical | 9.9 | 2025-10-14 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature ove… |
| CVE-2024-41110 | Critical | 9.9 | 2024-07-24 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine… |
| CVE-2020-15049 | Critical | 9.9 | 2020-06-30 | An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed aga… |
| CVE-2026-13763 | Critical | 9.8 | 2026-06-29 | Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule b… |
| CVE-2026-13762 | Critical | 9.8 | 2026-06-29 | Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspecti… |
| CVE-2026-41873 | Critical | 9.8 | 2026-04-28 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin ac… |
| CVE-2026-4700 | Critical | 9.8 | 2026-03-24 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2025-56266 | Critical | 9.8 | 2025-09-08 | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. |
| CVE-2024-10264 | Critical | 9.8 | 2025-03-20 | HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP reques… |
| CVE-2024-27922 | Critical | 9.8 | 2024-03-21 | TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp… |
| CVE-2024-22081 | Critical | 9.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsin… |
| CVE-2023-27238 | Critical | 9.8 | 2023-05-12 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. |
| CVE-2023-29141 | Critical | 9.8 | 2023-03-31 | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-… |
| CVE-2023-25690 | Critical | 9.8 | 2023-03-07 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when m… |
| CVE-2022-2466 | Critical | 9.8 | 2022-08-31 | It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. |
| CVE-2022-29361 | Critical | 9.8 | 2022-05-25 | Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with mul… |
| CVE-2022-24766 | Critical | 9.8 | 2022-03-21 | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smu… |