CWE-444 · Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)
349 CVEs classified under CWE-444 (Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-22536 | Critical | 10.0 | 2022-02-09 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for… |
| CVE-2018-3907 | Critical | 10.0 | 2018-08-24 | An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The v… |
| CVE-2026-45372 | Critical | 9.9 | 2026-05-29 | cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming request, it app… |
| CVE-2025-55315 | Critical | 9.9 | 2025-10-14 | Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature ove… |
| CVE-2024-41110 | Critical | 9.9 | 2024-07-24 | Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine… |
| CVE-2020-15049 | Critical | 9.9 | 2020-06-30 | An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed aga… |
| CVE-2026-13763 | Critical | 9.8 | 2026-06-29 | Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule b… |
| CVE-2026-13762 | Critical | 9.8 | 2026-06-29 | Inconsistent interpretation of HTTP/2 requests in Amazon CloudFront with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspecti… |
| CVE-2026-41873 | Critical | 9.8 | 2026-04-28 | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin ac… |
| CVE-2026-4700 | Critical | 9.8 | 2026-03-24 | Mitigation bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9. |
| CVE-2025-56266 | Critical | 9.8 | 2025-09-08 | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. |
| CVE-2024-10264 | Critical | 9.8 | 2025-03-20 | HTTP Request Smuggling vulnerability in netease-youdao/qanything version 1.4.1 allows attackers to exploit inconsistencies in the interpretation of HTTP reques… |
| CVE-2024-27922 | Critical | 9.8 | 2024-03-21 | TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp… |
| CVE-2024-22081 | Critical | 9.8 | 2024-03-20 | An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsin… |
| CVE-2023-27238 | Critical | 9.8 | 2023-05-12 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. |
| CVE-2023-29141 | Critical | 9.8 | 2023-03-31 | An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-… |
| CVE-2023-25690 | Critical | 9.8 | 2023-03-07 | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when m… |
| CVE-2022-2466 | Critical | 9.8 | 2022-08-31 | It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. |
| CVE-2022-29361 | Critical | 9.8 | 2022-05-25 | Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with mul… |
| CVE-2022-24766 | Critical | 9.8 | 2022-03-21 | mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smu… |