Home > Vulnerability Database > CVE-2026-22776

Mend.io Vulnerability Database

CVE-2026-22776

Good to know:

Date: January 12, 2026

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of compressed HTTP request bodies (Content-Encoding: gzip, br, etc.). The library validates the payload_max_length against the compressed data size received from the network, but does not limit the size of the decompressed data stored in memory.

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-22776

Url: https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h934-98h4-j43q

Url: https://github.com/yhirose/cpp-httplib/commit/2e2e47bab1ae6a853476eecbc4bf279dd1fef792

Url: https://www.mend.io/vulnerability-database/CVE-2026-22776

Severity Score

7.5

Weakness Type (CWE)

Improper Handling of Highly Compressed Data (Data Amplification)

CWE-409

Top Fix

Upgrade Version

Upgrade to version https://github.com/yhirose/cpp-httplib.git - v0.30.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2026-22776

Good to know:

Date: January 12, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?