Threats Tagged 'cve-2026-32881'
View all threats tagged with 'cve-2026-32881'. Filter and sort to focus on specific types of threats.
CVE-2026-32881: CWE-183: Permissive List of Allowed Inputs in vshakitskiy ewe

CVE-2026-32881 affects the Gleam web server 'ewe' versions 0.6.0 through 3.0.4 and allows attackers to bypass authentication or spoof proxy-trust headers by exploiting permissive handling of chunked transfer encoding trailers. The vulnerability arises because only a limited denylist of nine header names is blocked when merging trailer headers into the request headers after body parsing. Malicious clients can append headers in the Trailer field after the final chunk, causing legitimate headers to be overwritten. This enables forging authentication credentials, session hijacking, bypassing IP-based rate limiting, or spoofing proxy-trust headers in downstream middleware that reads headers post body parsing. The issue is fixed in version 3.0.

CVE Database V5 | 03/20/2026, 01:18:55 UTC | Added: 03/20/2026, 01:40:52 UTC
Showing 1 to 1 of 1 result