{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T21:06:23.226","vulnerabilities":[{"cve":{"id":"CVE-2026-29076","sourceIdentifier":"security-advisories@github.com","published":"2026-03-07T16:15:54.193","lastModified":"2026-03-09T21:19:35.750","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character. An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0."},{"lang":"es","value":"cpp-httplib es una biblioteca HTTP/HTTPS C++11 de un solo archivo, solo de encabezado y multiplataforma. Antes de la versión 0.37.0, cpp-httplib utiliza std::regex (libstdc++) para analizar valores filename* codificados según RFC 5987 en encabezados Content-Disposition multipart. El motor de expresiones regulares en libstdc++ implementa retroceso mediante recursión profunda, consumiendo un marco de pila por cada carácter de entrada. Un atacante puede enviar una única solicitud HTTP POST con un parámetro filename* manipulado que causa un crecimiento descontrolado de la pila, resultando en un desbordamiento de pila (SIGSEGV) que bloquea el proceso del servidor. Este problema ha sido parcheado en la versión 0.37.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"},{"lang":"en","value":"CWE-1333"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*","versionEndExcluding":"0.37.0","matchCriteriaId":"DF662624-3D9C-43DE-BAA8-29A734A27040"}]}]}],"references":[{"url":"https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e4812c5e6","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}