Crowdsec
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44982 | hig | 0.45 | — | — | May 27, 2026 | ## Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then… | ||
| CVE-2026-44981 | 0.00 | — | — | May 27, 2026 | The LAPI router uses `gin-contrib/gzip` with `DefaultDecompressHandle` globally (`pkg/apiserver/controllers/controller.go`). This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints `/v1/watchers` or `/v1/watchers/login`… |
- risk 0.45cvss —epss —
## Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1 requests using `Transfer-Encoding: chunked` and HTTP/2 requests sent without a `content-length` header. Coraza is then…
- CVE-2026-44981May 27, 2026risk 0.00cvss —epss —
The LAPI router uses `gin-contrib/gzip` with `DefaultDecompressHandle` globally (`pkg/apiserver/controllers/controller.go`). This middleware decompresses incoming request bodies without enforcing a maximum decompressed size. The endpoints `/v1/watchers` or `/v1/watchers/login`…