CVE-2026-26365 — MEDIUM (4.0)

Vulnerability Description

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could result in the origin server parsing the request body incorrectly, leading to HTTP request smuggling.

CVSS Score

4.0

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-444

References

https://www.akamai.com/blog/security-research/cve-2026-26365-incorrect-processin

FAQ

What is CVE-2026-26365?

CVE-2026-26365 is a vulnerability with a CVSS score of 4.0 (MEDIUM). Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could...

How severe is CVE-2026-26365?

CVE-2026-26365 has been rated MEDIUM with a CVSS base score of 4.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-26365?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.