CVE-2026-54387— Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization
Possible ATT&CK Techniques 1AI
T1102 · Web ServiceGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54387
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization
Source: NVD (National Vulnerability Database)
Vulnerability Description
Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-54387
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54387
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-54387 (2)
Vendor Advisories for CVE-2026-54387 (1)
News Coverage for CVE-2026-54387 (1)
Same Patch Batch · tinyproxy · 2026-06-17 · 3 CVEs total
| CVE-2026-54388 | 9.1 CRITICAL | Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers |
| CVE-2026-55202 | 8.2 HIGH | Tinyproxy - Stathost Detection Bypass via Host Header Manipulation |
IV. Related Vulnerabilities
Same product: tinyproxy
Same weakness: CWE-444
- CVE-2026-48979
PHP Standard Library: HTTP/2 server-side missing content-len - CVE-2026-54388
Tinyproxy - HTTP Request Smuggling via Duplicate Content-Len - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-6338
HTTP request smuggling in Kong Enteprise Gateway - CVE-2026-41853
Spring Framework Multipart Request Smuggling in Spring MVC a
V. Comments for CVE-2026-54387
No comments yet