Platform
cpp
Component
cpp-httplib
Fixed in
0.39.1
CVE-2026-33745 is a high-severity vulnerability affecting cpp-httplib 0.39.0 and earlier. When a client configured with credentials (Basic Auth, Bearer token or Digest Auth) follows an HTTP redirect to a different origin, the library keeps sending the Authorization header to the new host. Because the library forwards the header to whatever host the Location header names, any server that can make the client follow a redirect can collect those credentials; Basic Auth in particular is only base64-encoded, so the username and password are effectively in plaintext.
Exploitation requires control over a redirect response that the client will follow: a compromised or malicious server, or a legitimate server whose redirect target an attacker can influence. When a cpp-httplib client with redirect following enabled receives such a response, it issues the follow-up request to the attacker-controlled host with the original Authorization header attached, handing the attacker usernames, passwords or bearer tokens that can then be replayed against the real service. This is the same class of defect seen in other HTTP clients that forwarded Authorization across a change of host; the established fix is to drop the header whenever scheme, host or port differs from the origin the credentials were configured for.
CVE-2026-33745 was publicly disclosed on 2026-03-27. There is no indication of active exploitation at this time, and it is not currently listed in the CISA KEV catalog. Public proof-of-concept (PoC) code is not yet available, but the exploit is simple (a single crafted redirect response), so a PoC is likely to appear. The current EPSS score is 0.04% (13th percentile), i.e. low predicted exploitation activity despite the straightforward exploitation path; credential theft remains the main impact to weigh.
Applications that use cpp-httplib as an HTTP client, attach credentials to the client (for example via `set_basic_auth`, `set_bearer_token_auth` or `set_digest_auth`) and enable automatic redirect following (`set_follow_location(true)`) are at risk. Exposure is highest where the servers being contacted are not fully trusted, where third-party services are integrated, or where a contacted server has an open-redirect flaw that lets an attacker choose the redirect target.
• cpp: Examine application code and vendored copies of `httplib.h` for cpp-httplib 0.39.0 or earlier (the `CPPHTTPLIB_VERSION` macro in the header gives the version), and note every client that both sets credentials and enables redirect following.
• generic web: Monitor outbound HTTP traffic from the affected clients for redirects to unfamiliar domains, especially on connections that carry an Authorization header.
• generic web: Inspect egress-proxy or client-side logs for an authenticated request to a known host followed immediately by a request to an external domain; that pair is the signature of a leaked credential.
• generic web: Use a network traffic analyzer (e.g., Wireshark) to capture HTTP requests and responses and check whether the Authorization header survives a cross-origin redirect. This only works for plaintext HTTP; for TLS connections use client-side logging or a TLS-terminating forward proxy.
Disclosure
Exploit status
EPSS
0.04% (13th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-33745 is to upgrade to cpp-httplib 0.39.1 or later, which stops forwarding the Authorization header on cross-origin redirects. If upgrading is not immediately feasible, route the client's outbound traffic through an egress (forward) proxy that can inspect and block redirects to unexpected or untrusted domains; a server-side WAF protects the server you operate, not the client that is leaking credentials, so it is not an effective control here. In application code, disable automatic redirect following (`set_follow_location(false)`), read the Location header from the 3xx response yourself, and only re-send credentials when the target has the same scheme, host and port as the original request. After upgrading, confirm the fix by pointing an authenticated client at a test server that redirects to a second host you control and verifying that the second host never receives an Authorization header.
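The decision the client has to make before re-sending credentials on a redirect, written out as an added example (this is not cpp-httplib's own code, and the names `parse_origin` and `may_forward_credentials` are hypothetical). It implements the same-origin rule described above, including the edge cases that catch out naive string comparison: relative and scheme-relative Location values, default ports (`:443` equals no port on https), host case, an `https` to `http` downgrade on the same host, and a userinfo prefix such as `https://api.example.com@collector.example.net/` that makes a foreign host look like the expected one. Sample Location headers in `main` are constructed for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Origin = (scheme, host, port), the tuple the same-origin rule compares.
struct Origin {
    std::string scheme, host;
    int port = 0;
    bool valid = false;
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

static std::string trim(const std::string& s) {
    auto b = s.find_first_not_of(" \t\r\n");
    if (b == std::string::npos) return "";
    auto e = s.find_last_not_of(" \t\r\n");
    return s.substr(b, e - b + 1);
}

// Parse an absolute http(s) URL into its origin. Anything that is not a
// well-formed absolute http/https URL is reported invalid, and the caller
// treats "invalid" as "do not forward credentials".
Origin parse_origin(const std::string& url) {
    Origin o;
    auto p = url.find("://");
    if (p == std::string::npos) return o;
    o.scheme = lower(url.substr(0, p));
    if (o.scheme != "http" && o.scheme != "https") return o;
    std::string auth = url.substr(p + 3);
    auth = auth.substr(0, auth.find_first_of("/?#"));   // authority only
    auto at = auth.rfind('@');                          // drop userinfo ("a@evil")
    if (at != std::string::npos) auth = auth.substr(at + 1);
    std::string host, port;
    if (!auth.empty() && auth[0] == '[') {              // IPv6 literal
        auto close = auth.find(']');
        if (close == std::string::npos) return o;
        host = auth.substr(0, close + 1);
        std::string tail = auth.substr(close + 1);
        if (!tail.empty()) { if (tail[0] != ':') return o; port = tail.substr(1); }
    } else {
        auto c = auth.rfind(':');
        host = auth.substr(0, c);
        if (c != std::string::npos) port = auth.substr(c + 1);
    }
    if (host.empty()) return o;
    o.host = lower(host);                                // host names are case-insensitive
    if (port.empty()) {
        o.port = (o.scheme == "https") ? 443 : 80;       // default port compares equal to explicit
    } else {
        if (port.size() > 5 || port.find_first_not_of("0123456789") != std::string::npos) return o;
        o.port = std::stoi(port);
        if (o.port < 1 || o.port > 65535) return o;
    }
    o.valid = true;
    return o;
}

static bool same_origin(const Origin& a, const Origin& b) {
    return a.valid && b.valid && a.scheme == b.scheme && a.host == b.host && a.port == b.port;
}

// True only when the Location target stays on the exact origin the credentials
// were configured for. A relative Location ("/next", "next?x=1") is same-origin;
// a scheme-relative one ("//host/") keeps the scheme but may change the host.
bool may_forward_credentials(const std::string& request_url, const std::string& location_header) {
    Origin from = parse_origin(request_url);
    if (!from.valid) return false;
    std::string loc = trim(location_header);
    if (loc.empty()) return false;
    if (loc.rfind("//", 0) == 0) return same_origin(from, parse_origin(from.scheme + ":" + loc));
    std::string first = loc.substr(0, loc.find_first_of("/?#"));
    if (first.find(':') == std::string::npos) return true;   // no scheme: relative reference
    return same_origin(from, parse_origin(loc));              // "http:evil" etc. fail parsing -> false
}

int main() {
    // Constructed Location headers a server might return to a client that
    // authenticated against https://api.example.com (illustration only).
    const std::string origin = "https://api.example.com/v1/me";
    const char* locations[] = {
        "/v2/me", "https://api.example.com:443/v2/me", "http://api.example.com/v2/me",
        "https://collector.example.net/", "//collector.example.net/",
        "https://api.example.com@collector.example.net/",
    };
    for (const char* loc : locations)
        std::cout << (may_forward_credentials(origin, loc) ? "forward" : "strip  ")
                  << " Authorization -> " << loc << '\n';
    return 0;
}
```

To apply this with cpp-httplib, call `set_follow_location(false)` on the client, check for a 3xx status on the response, read `res->get_header_value("Location")`, and when `may_forward_credentials` returns false create a fresh `httplib::Client` for the new origin without calling `set_basic_auth`, `set_bearer_token_auth` or `set_digest_auth` on it. The parser is deliberately strict: a Location it cannot classify as same-origin is treated as foreign, so a malformed or unusual target fails closed rather than leaking the header.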
Update the cpp-httplib library to version 0.39.1 or later. This stops authentication credentials from being leaked to untrusted hosts when following cross-origin HTTP redirects; the update fixes the behaviour that let a malicious server redirect the client to an attacker-controlled host and receive the credentials in the `Authorization` header.
CVE-2026-33745 is a high-severity vulnerability in cpp-httplib 0.39.0 and earlier: the client forwards its Authorization header to a different origin when following an HTTP redirect, exposing Basic, Bearer and Digest credentials to the redirect target.
You are affected if you use cpp-httplib 0.39.0 or earlier as an HTTP client, attach credentials to the client, and have redirect following enabled.
Upgrade to cpp-httplib 0.39.1 or later to resolve the vulnerability. As an interim measure, disable automatic redirect following and validate the redirect target yourself, or restrict outbound redirects at an egress proxy.
There is currently no indication of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the cpp-httplib project's repository or website for the official advisory and release notes.