Request Smuggling
The latest Request Smuggling coverage — news, analysis, and updates from the WindowsNews.AI desk.
Critical Request Smuggling Flaw in nghttpx Proxy Enables HTTP Desync Attacks
A newly disclosed vulnerability in the nghttpx reverse proxy, tracked as CVE-2026-58055, allows attackers to smuggle malicious HTTP requests by exploiting a desynchronization between HTTP Upgrade and...
HTTP Desync Strikes Again: libsoup's CVE-2026-6324 Exposes Proxy Parser Confusion
A newly published vulnerability in the libsoup HTTP library, tracked as CVE-2026-6324, could allow attackers to smuggle malicious requests past reverse proxies, potentially poisoning caches,...
Windows Users, Check Your Systems for libsoup Request Smuggling (CVE-2026-2708) — Patch Guide
Microsoft’s April security advisories include a tracking entry for CVE-2026-2708, a request smuggling flaw in the open‑source libsoup HTTP library. Though libsoup originates in the Linux/GNOME...
Critical Erlang Inets HTTPd Flaw CVE-2026-23941 Lets Attackers Bypass Security Controls
Microsoft's security team has flagged a critical HTTP request smuggling vulnerability in the Erlang/OTP inets HTTP server (httpd), tracked as CVE-2026-23941. The flaw stems from improper parsing of...