<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Sun, 14 Jun 2026 14:46:37 +0000</lastBuildDate>
    <item>
      <title>d8dc32f3-6d17-4e1f-aec3-adb62436cc5d</title>
      <link>https://vulnerability.circl.lu/sighting/d8dc32f3-6d17-4e1f-aec3-adb62436cc5d/export</link>
      <description>{"uuid": "d8dc32f3-6d17-4e1f-aec3-adb62436cc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45375", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-27qc-m5gf-jv5r", "content": "", "creation_timestamp": "2026-05-10T15:32:12.000000Z"}</description>
      <content:encoded>{"uuid": "d8dc32f3-6d17-4e1f-aec3-adb62436cc5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45375", "type": "published-proof-of-concept", "source": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-27qc-m5gf-jv5r", "content": "", "creation_timestamp": "2026-05-10T15:32:12.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d8dc32f3-6d17-4e1f-aec3-adb62436cc5d/export</guid>
      <pubDate>Sun, 10 May 2026 15:32:12 +0000</pubDate>
    </item>
    <item>
      <title>9def1623-ef9c-4bfd-bd38-e99bceab0ab1</title>
      <link>https://vulnerability.circl.lu/sighting/9def1623-ef9c-4bfd-bd38-e99bceab0ab1/export</link>
      <description>{"uuid": "9def1623-ef9c-4bfd-bd38-e99bceab0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://gist.github.com/alon710/b6fd947590993b5b0ed338c431321ca8", "content": "# CVE-2026-45370: CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses\n\n&amp;gt; **CVSS Score:** 7.7\n&amp;gt; **Published:** 2026-05-14\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-45370\n\n## Summary\nThe python-utcp library improperly exposes the host application's full environment variables to spawned subprocesses via os.environ.copy(). When combined with an existing command injection flaw, attackers can exfiltrate all host secrets in a single request.\n\n## TL;DR\npython-utcp prior to version 1.1.3 improperly exposes process-level environment variables to CLI subprocesses, enabling secret exfiltration when chained with command injection vulnerabilities.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-526\n- **CVSS Score**: 7.7 (High)\n- **Attack Vector**: Network\n- **Impact**: High Confidentiality Loss\n- **Affected Component**: cli_communication_protocol.py\n- **Related CVE**: CVE-2026-45369\n\n## Affected Systems\n\n- python-utcp\n- Universal Tool Calling Protocol (UTCP) CLI applications\n- **python-utcp**: &amp;lt; 1.1.3 (Fixed in: `1.1.3`)\n\n## Mitigation\n\n- Upgrade the python-utcp library to version 1.1.3 or higher.\n- Override the _prepare_environment() function to return an explicit allowlist of environment variables.\n- Implement defense-in-depth by adopting short-lived, scoped credentials instead of permanent environment variables.\n- Monitor subprocess creation logs for suspicious shell commands or arguments.\n\n**Remediation Steps:**\n1. Identify all deployments utilizing the python-utcp package.\n2. 
Update requirements.txt or pipfile to mandate python-utcp &amp;gt;= 1.1.3.\n3. Restart the application to ensure the patched library is loaded into memory.\n4. If compromise is suspected, immediately rotate all secrets, API keys, and database credentials previously stored in the host environment.\n\n## References\n\n- [GitHub Advisory: GHSA-5v57-8rxj-3p2r](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r)\n- [GitHub Advisory: GHSA-33p6-5jxp-p3x4](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-33p6-5jxp-p3x4)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-45370)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-45370)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45370) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-14T22:10:29.000000Z"}</description>
      <content:encoded>{"uuid": "9def1623-ef9c-4bfd-bd38-e99bceab0ab1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://gist.github.com/alon710/b6fd947590993b5b0ed338c431321ca8", "content": "# CVE-2026-45370: CVE-2026-45370: Environment Variable Leak in python-utcp CLI Subprocesses\n\n&amp;gt; **CVSS Score:** 7.7\n&amp;gt; **Published:** 2026-05-14\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-45370\n\n## Summary\nThe python-utcp library improperly exposes the host application's full environment variables to spawned subprocesses via os.environ.copy(). When combined with an existing command injection flaw, attackers can exfiltrate all host secrets in a single request.\n\n## TL;DR\npython-utcp prior to version 1.1.3 improperly exposes process-level environment variables to CLI subprocesses, enabling secret exfiltration when chained with command injection vulnerabilities.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-526\n- **CVSS Score**: 7.7 (High)\n- **Attack Vector**: Network\n- **Impact**: High Confidentiality Loss\n- **Affected Component**: cli_communication_protocol.py\n- **Related CVE**: CVE-2026-45369\n\n## Affected Systems\n\n- python-utcp\n- Universal Tool Calling Protocol (UTCP) CLI applications\n- **python-utcp**: &amp;lt; 1.1.3 (Fixed in: `1.1.3`)\n\n## Mitigation\n\n- Upgrade the python-utcp library to version 1.1.3 or higher.\n- Override the _prepare_environment() function to return an explicit allowlist of environment variables.\n- Implement defense-in-depth by adopting short-lived, scoped credentials instead of permanent environment variables.\n- Monitor subprocess creation logs for suspicious shell commands or arguments.\n\n**Remediation Steps:**\n1. Identify all deployments utilizing the python-utcp package.\n2. 
Update requirements.txt or pipfile to mandate python-utcp &amp;gt;= 1.1.3.\n3. Restart the application to ensure the patched library is loaded into memory.\n4. If compromise is suspected, immediately rotate all secrets, API keys, and database credentials previously stored in the host environment.\n\n## References\n\n- [GitHub Advisory: GHSA-5v57-8rxj-3p2r](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-5v57-8rxj-3p2r)\n- [GitHub Advisory: GHSA-33p6-5jxp-p3x4](https://github.com/universal-tool-calling-protocol/python-utcp/security/advisories/GHSA-33p6-5jxp-p3x4)\n- [NVD Vulnerability Detail](https://nvd.nist.gov/vuln/detail/CVE-2026-45370)\n- [CVE.org Record](https://www.cve.org/CVERecord?id=CVE-2026-45370)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45370) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-14T22:10:29.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/9def1623-ef9c-4bfd-bd38-e99bceab0ab1/export</guid>
      <pubDate>Thu, 14 May 2026 22:10:29 +0000</pubDate>
    </item>
    <item>
      <title>8a5fdf67-be87-4129-9c3d-45608acd09cb</title>
      <link>https://vulnerability.circl.lu/sighting/8a5fdf67-be87-4129-9c3d-45608acd09cb/export</link>
      <description>{"uuid": "8a5fdf67-be87-4129-9c3d-45608acd09cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu6iie6jq2e", "content": "CVE-2026-45370 - python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection\nCVE ID : CVE-2026-45370\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. ...", "creation_timestamp": "2026-05-15T01:27:16.409884Z"}</description>
      <content:encoded>{"uuid": "8a5fdf67-be87-4129-9c3d-45608acd09cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45370", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlu6iie6jq2e", "content": "CVE-2026-45370 - python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakage via Command Injection\nCVE ID : CVE-2026-45370\n \n Published : May 14, 2026, 9:16 p.m. | 2\u00a0hours, 17\u00a0minutes ago\n \n Description : python-utcp is the python implementation of UTCP. ...", "creation_timestamp": "2026-05-15T01:27:16.409884Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/8a5fdf67-be87-4129-9c3d-45608acd09cb/export</guid>
      <pubDate>Fri, 15 May 2026 01:27:16 +0000</pubDate>
    </item>
    <item>
      <title>10e04d71-b360-4903-adcc-d30731eea1d0</title>
      <link>https://vulnerability.circl.lu/sighting/10e04d71-b360-4903-adcc-d30731eea1d0/export</link>
      <description>{"uuid": "10e04d71-b360-4903-adcc-d30731eea1d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwpiscdn52z", "content": "\ud83d\udd34 CVE-2026-45374 - Critical (9.6)\n\nCodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool sp...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45374/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T19:02:11.973546Z"}</description>
      <content:encoded>{"uuid": "10e04d71-b360-4903-adcc-d30731eea1d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmwpiscdn52z", "content": "\ud83d\udd34 CVE-2026-45374 - Critical (9.6)\n\nCodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the task_create tool sp...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45374/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-28T19:02:11.973546Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/10e04d71-b360-4903-adcc-d30731eea1d0/export</guid>
      <pubDate>Thu, 28 May 2026 19:02:11 +0000</pubDate>
    </item>
    <item>
      <title>1c83b31b-8fb8-4ce3-a4e6-d27b932aa581</title>
      <link>https://vulnerability.circl.lu/sighting/1c83b31b-8fb8-4ce3-a4e6-d27b932aa581/export</link>
      <description>{"uuid": "1c83b31b-8fb8-4ce3-a4e6-d27b932aa581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwtrcv6dj2p", "content": "CVE-2026-45374 - CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files\nCVE ID : CVE-2026-45374\n \n Published : May 28, 2026, 6:16 p.m. | 54\u00a0minutes ago\n \n Description : CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26,...", "creation_timestamp": "2026-05-28T20:18:31.994327Z"}</description>
      <content:encoded>{"uuid": "1c83b31b-8fb8-4ce3-a4e6-d27b932aa581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45374", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmwtrcv6dj2p", "content": "CVE-2026-45374 - CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files\nCVE ID : CVE-2026-45374\n \n Published : May 28, 2026, 6:16 p.m. | 54\u00a0minutes ago\n \n Description : CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26,...", "creation_timestamp": "2026-05-28T20:18:31.994327Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1c83b31b-8fb8-4ce3-a4e6-d27b932aa581/export</guid>
      <pubDate>Thu, 28 May 2026 20:18:31 +0000</pubDate>
    </item>
    <item>
      <title>eb7a4f76-656b-49d7-8573-a671e8f8562a</title>
      <link>https://vulnerability.circl.lu/sighting/eb7a4f76-656b-49d7-8573-a671e8f8562a/export</link>
      <description>{"uuid": "eb7a4f76-656b-49d7-8573-a671e8f8562a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzgmyzox52g", "content": "\ud83d\udd34 CVE-2026-45372 - Critical (9.9)\n\ncpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45372/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T21:01:28.509597Z"}</description>
      <content:encoded>{"uuid": "eb7a4f76-656b-49d7-8573-a671e8f8562a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmzgmyzox52g", "content": "\ud83d\udd34 CVE-2026-45372 - Critical (9.9)\n\ncpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45372/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-29T21:01:28.509597Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/eb7a4f76-656b-49d7-8573-a671e8f8562a/export</guid>
      <pubDate>Fri, 29 May 2026 21:01:28 +0000</pubDate>
    </item>
    <item>
      <title>dca24acc-c0b7-421c-9399-e032b9647ef6</title>
      <link>https://vulnerability.circl.lu/sighting/dca24acc-c0b7-421c-9399-e032b9647ef6/export</link>
      <description>{"uuid": "dca24acc-c0b7-421c-9399-e032b9647ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmziti3zcz2h", "content": "CVE-2026-45372 - cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection\nCVE ID : CVE-2026-45372\n \n Published : May 29, 2026, 8:16 p.m. | 16\u00a0minutes ago\n \n Description : cpp-httplib is a C++11 single-file header-only cross platform ...", "creation_timestamp": "2026-05-29T21:40:55.535206Z"}</description>
      <content:encoded>{"uuid": "dca24acc-c0b7-421c-9399-e032b9647ef6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmziti3zcz2h", "content": "CVE-2026-45372 - cpp-httplib: HTTP header value percent-decoding in server-side `parse_header` enables CRLF injection\nCVE ID : CVE-2026-45372\n \n Published : May 29, 2026, 8:16 p.m. | 16\u00a0minutes ago\n \n Description : cpp-httplib is a C++11 single-file header-only cross platform ...", "creation_timestamp": "2026-05-29T21:40:55.535206Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/dca24acc-c0b7-421c-9399-e032b9647ef6/export</guid>
      <pubDate>Fri, 29 May 2026 21:40:55 +0000</pubDate>
    </item>
    <item>
      <title>1b3b5e7f-0975-4ccd-a97d-2491d4e996ef</title>
      <link>https://vulnerability.circl.lu/sighting/1b3b5e7f-0975-4ccd-a97d-2491d4e996ef/export</link>
      <description>{"uuid": "1b3b5e7f-0975-4ccd-a97d-2491d4e996ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116662972724180457", "content": "A lot of offensive activities were identified targeting yhirose cpp-httplib (CVE-2026-45372) https://vuldb.com/vuln/367381/cti", "creation_timestamp": "2026-05-30T10:08:12.626133Z"}</description>
      <content:encoded>{"uuid": "1b3b5e7f-0975-4ccd-a97d-2491d4e996ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116662972724180457", "content": "A lot of offensive activities were identified targeting yhirose cpp-httplib (CVE-2026-45372) https://vuldb.com/vuln/367381/cti", "creation_timestamp": "2026-05-30T10:08:12.626133Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/1b3b5e7f-0975-4ccd-a97d-2491d4e996ef/export</guid>
      <pubDate>Sat, 30 May 2026 10:08:12 +0000</pubDate>
    </item>
    <item>
      <title>70cb2fa4-c6de-4d99-961a-0ffa8097bc5b</title>
      <link>https://vulnerability.circl.lu/sighting/70cb2fa4-c6de-4d99-961a-0ffa8097bc5b/export</link>
      <description>{"uuid": "70cb2fa4-c6de-4d99-961a-0ffa8097bc5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnawo727wz2x", "content": "\ud83d\udccc CVE-2026-45372 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming reques... https://www.cyberhub.blog/cves/CVE-2026-45372", "creation_timestamp": "2026-06-01T20:37:05.740519Z"}</description>
      <content:encoded>{"uuid": "70cb2fa4-c6de-4d99-961a-0ffa8097bc5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnawo727wz2x", "content": "\ud83d\udccc CVE-2026-45372 - cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.44.0, when cpp-httplib's server parses an incoming reques... https://www.cyberhub.blog/cves/CVE-2026-45372", "creation_timestamp": "2026-06-01T20:37:05.740519Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/70cb2fa4-c6de-4d99-961a-0ffa8097bc5b/export</guid>
      <pubDate>Mon, 01 Jun 2026 20:37:05 +0000</pubDate>
    </item>
    <item>
      <title>d07dba17-5050-4118-b4a6-b513d5a0658b</title>
      <link>https://vulnerability.circl.lu/sighting/d07dba17-5050-4118-b4a6-b513d5a0658b/export</link>
      <description>{"uuid": "d07dba17-5050-4118-b4a6-b513d5a0658b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3214", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 parse_header() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 cpp-httplib \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438\n\nBDU:2026-07650\nCVE-2026-45372\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f cpp-httplib:\nhttps://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjxg-64p4-vj4m\n\n\u0414\u043b\u044f Debian 
GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2026-45372", "creation_timestamp": "2026-06-03T14:41:54.000000Z"}</description>
      <content:encoded>{"uuid": "d07dba17-5050-4118-b4a6-b513d5a0658b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45372", "type": "published-proof-of-concept", "source": "https://t.me/bdufstecru/3214", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 parse_header() \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 cpp-httplib \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0438 HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438\n\nBDU:2026-07650\nCVE-2026-45372\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f cpp-httplib:\nhttps://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xjxg-64p4-vj4m\n\n\u0414\u043b\u044f Debian 
GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2026-45372", "creation_timestamp": "2026-06-03T14:41:54.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/d07dba17-5050-4118-b4a6-b513d5a0658b/export</guid>
      <pubDate>Wed, 03 Jun 2026 14:41:54 +0000</pubDate>
    </item>
  </channel>
</rss>
