Cross-Site Scripting Vulnerability in cpp-httplib for Mbed TLS and wolfSSL by Yhirose
CVE-2026-54919
7.4HIGH
What is CVE-2026-54919?
The cpp-httplib library, when configured with Mbed TLS or wolfSSL support, exhibits a flaw that compromises SSL certificate validation. Specifically, if a client connects to a host using an IP literal while server certificate verification is enabled, critical validation steps are bypassed. This vulnerability puts users at risk of man-in-the-middle attacks, enabling malicious actors to intercept traffic and manipulate data, thereby compromising the integrity and confidentiality of communications. To mitigate this vulnerability, users are advised to upgrade to cpp-httplib version 0.47.0 or later, where this issue is addressed.
Affected Version(s)
cpp-httplib >= 0.31.0, < 0.47.0
