CVE-2026-2836
- EPSS 0.01%
- Published 04.03.2026 23:44:56
- Last modified 12.03.2026 14:33:32
A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical f...
CVE-2026-2835
- EPSS 0.02%
- Published 04.03.2026 23:32:41
- Last modified 12.03.2026 15:06:16
An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of mult...
CVE-2026-2833
- EPSS 0.02%
- Published 04.03.2026 23:20:51
- Last modified 12.03.2026 15:08:03
An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the b...
CVE-2025-4366
- EPSS 0.61%
- Published 22.05.2025 15:50:20
- Last modified 06.08.2025 17:01:13
A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache...