CWE-444
HTTP Request/Response Smuggling
MITRENo catalog description on file. The MITRE CWE site has the canonical reference.
Recent CVEs
showing 11 of 11- CVE-2026-46342—EPSS 0%19 h ago
Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning
npm - CVE-2026-50020Medium· 5.3EPSS 0%22 h ago
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before reading the first request-line, `HttpObjectDecoder` skips every byte for which `Character.isI
- CVE-2023-41265Critical· 9.6KEVEPSS 92%22 h ago
Qlik Sense HTTP Tunneling Vulnerability
- CVE-2023-48365Critical· 9.6KEVEPSS 56%22 h ago
Qlik Sense HTTP Tunneling Vulnerability
- CVE-2022-22536Critical· 10.0KEVEXPLOITEPSS 94%22 h ago
SAP Multiple Products HTTP Request Smuggling Vulnerability
- CVE-2026-6338—EPSS 0%1 d ago
A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handlin
- CVE-2026-28367—EPSS 0%2 d ago
Undertow is Vulnerable to HTTP Request/Response Smuggling
maven - CVE-2026-28369—EPSS 0%2 d ago
Undertow is Vulnerable to HTTP Request/Response Smuggling
maven - CVE-2026-28368—EPSS 0%2 d ago
Undertow is Vulnerable to HTTP Request/Response Smuggling
maven - CVE-2026-41853Medium· 5.3EPSS 0%4 d ago
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
- CVE-2014-8150HighEPSS 1%25 d ago
curl/libcurl: URL request injection
curl
CWE catalog data sourced from MITRE. CVE associations come from NVD weakness mappings; some CVEs carry multiple CWEs.