Improper Handling of HTTP Headers in Akamai Ghost on CDN Edge Servers
CVE-2026-26365

4MEDIUM

Key Information:

Vendor: Akamai
Status: Ghost
Vendor: CVE Published:; 23 February 2026

What is CVE-2026-26365?

Akamai Ghost on CDN edge servers prior to February 6, 2026, has a flaw in processing custom hop-by-hop HTTP headers, specifically the 'Connection: Transfer-Encoding' header. This mismanagement can lead to a scenario where the forwarded request is framed incorrectly, depending on the Akamai processing path taken. If exploited, it may lead to the origin server incorrectly parsing the request body, creating a potential risk for HTTP request smuggling attacks. This vulnerability underscores the need for vigilance in header management within CDN platforms.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Ghost 0 < 2026-02-06

References

https://www.akamai.com/blog/security-research/cve-2026-26...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 23, 2026
Vulnerability Reserved
Feb 13, 2026

JSON

Akamai

What is CVE-2026-26365?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.