VYPR
Unrated severity · NVD Advisory · Published Mar 12, 2026 · Updated Mar 13, 2026

Cap'n Proto: Integer overflow in KJ-HTTP chunk size

CVE-2026-32240

Description

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.
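The truncation described above, shown as an added example that is not code from Cap'n Proto or KJ: a hex chunk-size accumulator that wraps modulo 2^64 next to one that rejects oversized values. The function names are hypothetical, and the input is assumed to be only the hex size token, with no chunk extensions or CRLF.

```cpp
#include <cstdint>
#include <optional>
#include <string_view>

// Value of one hex digit, or -1 if c is not a hex digit.
static int hexDigit(char c) {
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'a' && c <= 'f') return c - 'a' + 10;
  if (c >= 'A' && c <= 'F') return c - 'A' + 10;
  return -1;
}

// Flawed pattern: the accumulator silently wraps modulo 2^64.
std::optional<uint64_t> parseChunkSizeWrapping(std::string_view line) {
  if (line.empty()) return std::nullopt;
  uint64_t value = 0;
  for (char c : line) {
    int d = hexDigit(c);
    if (d < 0) return std::nullopt;
    value = value * 16 + static_cast<uint64_t>(d);  // high bits are lost here
  }
  return value;
}

// Hardened pattern: reject before the shift would discard non-zero bits.
std::optional<uint64_t> parseChunkSizeChecked(std::string_view line) {
  if (line.empty()) return std::nullopt;
  uint64_t value = 0;
  for (char c : line) {
    int d = hexDigit(c);
    if (d < 0) return std::nullopt;
    if (value > (UINT64_MAX >> 4)) return std::nullopt;  // would exceed 2^64 - 1
    value = (value << 4) | static_cast<uint64_t>(d);
  }
  return value;
}

int main() {
  // Constructed input: 0x10000000000000005 == 2^64 + 5 (17 hex digits).
  constexpr std::string_view oversized = "10000000000000005";
  bool wrapped = parseChunkSizeWrapping(oversized) == std::optional<uint64_t>(5);
  bool rejected = !parseChunkSizeChecked(oversized).has_value();
  return (wrapped && rejected) ? 0 : 1;
}
```

A parser with the wrapping behaviour frames the constructed input as a 5-byte chunk, while a peer that rejects or handles the value differently disagrees on where the message ends, which is the framing mismatch behind the smuggling concern in the description.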

Affected products

2
  • Capnproto/Capnproto (2 versions)
    • (no CPE) range: <1.4.0
    • (no CPE) range: < 1.4.0
