Vulnerability Description
cpp-httplib is a C++11 single-file, header-only, cross-platform HTTP/HTTPS library. Prior to version 0.37.0, cpp-httplib uses std::regex (libstdc++) to parse RFC 5987 encoded filename* values in multipart Content-Disposition headers. The regex engine in libstdc++ implements backtracking via deep recursion, consuming one stack frame per input character. An attacker can send a single HTTP POST request with a crafted filename* parameter that causes uncontrolled stack growth, resulting in a stack overflow (SIGSEGV) that crashes the server process. This issue has been patched in version 0.37.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yhirose | Cpp-Httplib | < 0.37.0 |
Related Weaknesses (CWE)
References
- https://github.com/yhirose/cpp-httplib/commit/de296af3eb5b0d5c116470e033db900e48 (Patch)
- https://github.com/yhirose/cpp-httplib/releases/tag/v0.37.0 (Product, Release Notes)
- https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qq6v-r583-3h69 (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-29076?
CVE-2026-29076 is a vulnerability with a CVSS score of 5.9 (MEDIUM).
How severe is CVE-2026-29076?
CVE-2026-29076 has been rated MEDIUM with a CVSS base score of 5.9/10.
Is there a patch for CVE-2026-29076?
Yes. The issue is patched in version 0.37.0; the References section above links the patch commit, the release notes and the vendor advisory. Affected products include: Yhirose Cpp-Httplib.