Uncontrolled Resource Consumption Vulnerability in Apache HttpComponents Core
CVE-2026-54399
7.5HIGH
What is CVE-2026-54399?
An uncontrolled resource consumption vulnerability exists in the HTTP/1.1 message parser of Apache HttpComponents Core, allowing remote attackers to exploit this flaw. By sending crafted messages with an excessive number of headers or excessively long header lengths, an attacker can trigger memory exhaustion, potentially leading to a denial of service. This vulnerability affects versions 5.4.2 and earlier, as well as 5.5-beta1 and earlier. It is crucial for users to apply the necessary updates to mitigate potential risks associated with this issue.
Affected Version(s)
Apache HttpComponents Core 5.5-alpha <= 5.5-beta1
Apache HttpComponents Core 5.0-alpha <= 5.4.2