TLS Certificate Validation Bypass in cpp-httplib by Yhirose
CVE-2026-32627
8.7 HIGH
What is CVE-2026-32627?
The cpp-httplib library, a popular C++11 cross-platform HTTP/HTTPS library, has a vulnerability that affects clients configured with a proxy and set to follow redirects. In versions prior to 0.37.2, these clients fail to verify TLS certificates and hostnames when following HTTPS redirects, allowing attackers to exploit this flaw by intercepting connections and serving malicious certificates. As a result, sensitive data, including credentials and session tokens, can be compromised without raising any error or alerting the application.

Affected Version(s)
cpp-httplib < 0.37.2
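
To find exposure in a code base, the following added example (not code from cpp-httplib or from this advisory) scans a source tree for vendored `httplib.h` copies older than 0.37.2 and for files that combine a proxy with redirect following. It assumes the header carries the library's `CPPHTTPLIB_VERSION` string macro and that clients are configured through `set_proxy` and `set_follow_location`; the file-level match is a heuristic, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (0, 37, 2)  # first fixed release, per the affected-version line above
VERSION_RE = re.compile(r'#\s*define\s+CPPHTTPLIB_VERSION\s+"(\d+)\.(\d+)\.(\d+)"')
SOURCE_EXT = {".h", ".hpp", ".hh", ".c", ".cc", ".cpp", ".cxx"}

def header_version(text):
    """Return (major, minor, patch) from a vendored httplib.h, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def uses_proxy_and_redirects(text):
    """True when a file sets a proxy and does not pass literal false to set_follow_location."""
    return bool(re.search(r"\bset_proxy\s*\(", text)
                and re.search(r"\bset_follow_location\s*\(\s*(?!false\b)", text))

def scan(root):
    """Return (outdated_headers, call_sites) found under root."""
    headers, call_sites = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix not in SOURCE_EXT:
            continue
        text = path.read_text(errors="replace")
        if path.name == "httplib.h":
            ver = header_version(text)
            if ver is not None and ver < FIXED:
                headers.append((path.relative_to(root).as_posix(), ver))
        elif uses_proxy_and_redirects(text):
            call_sites.append(path.relative_to(root).as_posix())
    return headers, call_sites

def demo():
    """Run the scan over a constructed tree (sample files, not real code)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "third_party").mkdir()
        (root / "third_party" / "httplib.h").write_text(
            '#define CPPHTTPLIB_VERSION "0.37.1"\n')
        (root / "fetch.cpp").write_text(
            'cli.set_proxy("proxy.example", 3128);\n'
            "cli.set_follow_location(true);\n")
        (root / "plain.cpp").write_text("cli.set_follow_location(true);\n")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A hit in both lists means the tree ships an affected header and has a client in the configuration the description names; upgrading the header to 0.37.2 or later clears the first list.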
