CVE Vulnerability Details: CVE-2026-54388 (PUBLISHED)
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 17 Jun, 2026 | 19:59
Updated At: 23 Jun, 2026 | 16:16
CVE Numbering Authority (CNA)
Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers

Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking.
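As an added illustration (not part of this CVE record and not Tinyproxy's own code), the check a forwarding proxy needs in order to reject the condition described above, beside the first-value policy that produces the parser desynchronization. The sample request is constructed for the example, and the function names are the example's own.

```python
import re

# Constructed sample request (not taken from the advisory): two Content-Length
# headers that disagree. The body is 4 + 17 = 21 bytes, so a parser trusting the
# first value stops after "abcd" and sees the remaining 17 bytes as a new request.
SAMPLE_REQUEST = (
    b"POST /api HTTP/1.1\r\n"
    b"Host: backend.example\r\n"
    b"Content-Length: 4\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b"abcdGET /x HTTP/1.1\r\n"
)

def parse_headers(raw: bytes) -> list:
    """Return (name, value) pairs with lower-cased names, duplicates kept in order."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    pairs = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        pairs.append((name.strip().lower().decode(), value.strip().decode()))
    return pairs

def content_length_values(headers) -> list:
    return [v for n, v in headers if n == "content-length"]

def body_length_first_value(headers) -> int:
    """Vulnerable policy described in the advisory: trust the first value only."""
    vals = content_length_values(headers)
    return int(vals[0]) if vals else 0

def validate_content_length(headers):
    """Hardened policy per RFC 9110's Content-Length rules: every value must be a
    decimal integer and all duplicates must agree; otherwise the request is refused."""
    vals = content_length_values(headers)
    if not vals:
        return None
    if any(not re.fullmatch(r"[0-9]+", v) for v in vals):
        raise ValueError("invalid Content-Length value")
    if len(set(vals)) != 1:
        raise ValueError("conflicting Content-Length headers")
    return int(vals[0])

def check_request(raw: bytes) -> str:
    """'reject' for requests a proxy should answer with 400 Bad Request, else 'ok'."""
    try:
        validate_content_length(parse_headers(raw))
    except ValueError:
        return "reject"
    return "ok"
```

A proxy that rejects here never forwards the ambiguous request, so the backend has no second value to disagree about.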

Affected Products
Vendor: tinyproxy
Product: tinyproxy
Repo: https://github.com/tinyproxy/tinyproxy
Default Status: affected
Versions
Affected:
  • From 0 through 1.11.3 (semver)
Unaffected:
  • 364cdb67e0ea00a8e4a7037e2693e0711e816adb (git)
Problem Types
Type: CWE
CWE ID: CWE-444
Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Metrics
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Version: 3.1
Base score: 9.1
Base severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Credits
Finder: Tristan Madani (@TristanInSec)
References
  • https://github.com/tinyproxy/tinyproxy/issues/609 (issue-tracking)
  • https://github.com/tinyproxy/tinyproxy/pull/610 (issue-tracking)
  • https://github.com/tinyproxy/tinyproxy/commit/364cdb67e0ea00a8e4a7037e2693e0711e816adb (patch)
  • https://www.vulncheck.com/advisories/tinyproxy-http-request-smuggling-via-duplicate-content-length-headers (third-party-advisory)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
References
  • https://github.com/tinyproxy/tinyproxy/issues/609 (exploit)