VYPR
High severity7.5NVD Advisory· Published May 6, 2026· Updated May 11, 2026

CVE-2026-40562

CVE-2026-40562

Description

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.

Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.

An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.