VDB

GCVE-110-MAGEIA-2026-146

GCVE-110-MAGEIA-2026-146
Advisory Published
Vulnetix · Advisory published May 16, 2026
The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. (CVE-2026-33555)

Affected Products

VendorProductVersionsPlatforms
Mageiahaproxy0 (affected), 2.8.18-1.1.mga9 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›