Stack Overflow Vulnerability in cpp-httplib Affects C++ HTTP Library
CVE-2026-29076

5.9MEDIUM

Key Information:

Vendor

Yhirose

Status
Cpp-httplib
Vendor
CVE Published:
7 March 2026

What is CVE-2026-29076?

The cpp-httplib library, a single-file header-only C++ HTTP/HTTPS solution, contains a vulnerability that allows attackers to trigger uncontrolled stack growth through crafted filename* parameters in multipart Content-Disposition headers. This occurs due to the regex parsing mechanism in the library which relies on deep recursion, leading to a stack overflow and potential crash of the server process. This issue affects all versions prior to 0.37.0, which contains a fix to bolster the security against such exploits.

Affected Version(s)

cpp-httplib < 0.37.0

References

https://github.com/yhirose/cpp-httplib/security/advisorie...
x_refsource_CONFIRM
https://github.com/yhirose/cpp-httplib/commit/de296af3eb5...
x_refsource_MISC
https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0
x_refsource_MISC

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.