{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:14:28.846","vulnerabilities":[{"cve":{"id":"CVE-2026-28434","sourceIdentifier":"security-advisories@github.com","published":"2026-03-04T20:16:19.823","lastModified":"2026-03-05T22:11:16.540","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message directly into the HTTP response as a header named EXCEPTION_WHAT. This header is sent to whoever made the request, with no authentication check and no special configuration required to trigger it. The behavior is on by default. A developer who does not know to opt in to set_exception_handler() will ship a server that leaks internal exception messages to any client. This vulnerability is fixed in 0.35.0."},{"lang":"es","value":"cpp-httplib es una librería HTTP/HTTPS multiplataforma de un solo archivo de solo encabezado C++11. Antes de la versión 0.35.0, cuando un gestor de solicitudes lanza una excepción de C++ y la aplicación no ha registrado un gestor de excepciones personalizado a través de set_exception_handler(), la librería captura la excepción y escribe su mensaje directamente en la respuesta HTTP como un encabezado llamado EXCEPTION_WHAT. Este encabezado se envía a quienquiera que haya realizado la solicitud, sin verificación de autenticación y sin necesidad de configuración especial para activarlo. El comportamiento está activado por defecto. Un desarrollador que no sabe cómo optar por set_exception_handler() distribuirá un servidor que filtra mensajes de excepción internos a cualquier cliente. Esta vulnerabilidad se corrige en la versión 0.35.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*","versionEndExcluding":"0.35.0","matchCriteriaId":"27E6A328-789B-48B3-B888-23C091A0766D"}]}]}],"references":[{"url":"https://github.com/yhirose/cpp-httplib/commit/defd907c7469c5c8281247b73bbd07be24c31164","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-8mpw-r4gc-xm7q","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}