Cross-Site Scripting Vulnerability in cpp-httplib for Mbed TLS and wolfSSL by Yhirose
CVE-2026-54919

7.4HIGH

Key Information:

Vendor

Yhirose

Vendor
CVE Published:
10 July 2026

What is CVE-2026-54919?

The cpp-httplib library, when configured with Mbed TLS or wolfSSL support, exhibits a flaw that compromises SSL certificate validation. Specifically, if a client connects to a host using an IP literal while server certificate verification is enabled, critical validation steps are bypassed. This vulnerability puts users at risk of man-in-the-middle attacks, enabling malicious actors to intercept traffic and manipulate data, thereby compromising the integrity and confidentiality of communications. To mitigate this vulnerability, users are advised to upgrade to cpp-httplib version 0.47.0 or later, where this issue is addressed.

Affected Version(s)

cpp-httplib >= 0.31.0, < 0.47.0

References

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.