CVE-2026-31842

Exploit

EPSS 0.9%
Veröffentlicht 07.04.2026 11:17:33
Zuletzt bearbeitet 29.04.2026 18:51:51
Quelle 309f9ea4-e3e9-4c6c-b79d-e8eb01
CVE-Watchlists
Login
Unerledigt
Login

Tinyproxy HTTP request parsing desynchronization via case-sensitive Transfer-Encoding handling

Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "chunked", even though RFC 7230 specifies that transfer-coding names are case-insensitive. By sending a request with Transfer-Encoding: Chunked, an unauthenticated remote attacker can cause Tinyproxy to misinterpret the request as having no body. In this state, Tinyproxy sets content_length.client to -1, skips pull_client_data_chunked(), forwards request headers upstream, and transitions into relay_connection() raw TCP forwarding while unread body data remains buffered. This leads to inconsistent request state between Tinyproxy and backend servers. RFC-compliant backends (e.g., Node.js, Nginx) will continue waiting for chunked body data, causing connections to hang indefinitely. This behavior enables application-level denial of service through backend worker exhaustion. Additionally, in deployments where Tinyproxy is used for request-body inspection, filtering, or security enforcement, the unread body may be forwarded without proper inspection, resulting in potential security control bypass.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Tinyproxy Project ≫ Tinyproxy Version <= 1.11.3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.9%	0.549

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://github.com/tinyproxy/tinyproxy

Product

https://github.com/tinyproxy/tinyproxy/issues/604

Exploit

Issue Tracking

https://datatracker.ietf.org/doc/html/rfc7230

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2026-31842

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31842

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31842

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31842