CVE-2026-32627 - Vulnerability Analysis
Severity: High | CVSS: 8.7 | Last Updated: March 16, 2026
cpp-httplib - Authentication Bypass
Published: March 16, 2026 | Updated: March 16, 2026 | Remote Exploitable
Overview
cpp-httplib versions before 0.37.2 contain a broken authentication flaw: TLS certificate and hostname verification are disabled on HTTPS redirects when the client uses a proxy with follow location enabled. This lets network attackers intercept redirected HTTPS connections. Exploitation requires the attacker to control the redirect response.
Severity & Score
Severity: High
CVSS Score: 8.7
Impact
Network attackers can intercept redirected HTTPS connections, capturing credentials and session tokens, leading to full man-in-the-middle attacks.
Mitigation
Update to version 0.37.2 or later.
Details
- CVE ID: CVE-2026-32627
- Severity: High
- CVSS Score: 8.7
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-295
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N