{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T15:18:20.148","vulnerabilities":[{"cve":{"id":"CVE-2026-28435","sourceIdentifier":"security-advisories@github.com","published":"2026-03-04T20:16:19.983","lastModified":"2026-03-05T22:09:45.190","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request body when using HandlerWithContentReader (streaming ContentReader) with Content-Encoding: gzip (or other supported encodings). A small compressed payload can expand beyond the configured payload limit and be processed by the application, enabling a payload size limit bypass and potential denial of service (CPU/memory exhaustion). This vulnerability is fixed in 0.35.0."},{"lang":"es","value":"cpp-httplib es una librería HTTP/HTTPS multiplataforma de un solo archivo de cabecera C++11. Antes de la versión 0.35.0, cpp-httplib (httplib.h) no aplica Server::set_payload_max_length() en el cuerpo de la solicitud descomprimido al usar HandlerWithContentReader (ContentReader de transmisión) con Content-Encoding: gzip (u otras codificaciones compatibles). Una pequeña carga útil comprimida puede expandirse más allá del límite de carga útil configurado y ser procesada por la aplicación, lo que permite una omisión del límite de tamaño de la carga útil y una potencial denegación de servicio (agotamiento de CPU/memoria). Esta vulnerabilidad está corregida en la versión 0.35.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-400"},{"lang":"en","value":"CWE-409"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*","versionEndExcluding":"0.35.0","matchCriteriaId":"27E6A328-789B-48B3-B888-23C091A0766D"}]}]}],"references":[{"url":"https://github.com/yhirose/cpp-httplib/commit/c99d7472b5cf4869d3897b9afc9792063a3d15a8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xvfx-w463-6fpp","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}