CVE-2026-54388— Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers
Possible ATT&CK Techniques 1AI
T1071.001 · Web ProtocolsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-54388
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tinyproxy - HTTP Request Smuggling via Duplicate Content-Length Headers
Source: NVD (National Vulnerability Database)
Vulnerability Description
Tinyproxy through 1.11.3, fixed in commit 364cdb6, fails to reject requests containing multiple Content-Length headers with differing values, forwarding all duplicate headers to the backend while using the first value to determine how many request body bytes to consume. Remote attackers can desynchronize the proxy and backend parser state, allowing injection of arbitrary HTTP requests to the backend to enable cache poisoning, access control bypass, and request hijacking.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-54388
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-54388
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-54388 (2)
Vendor Advisories for CVE-2026-54388 (1)
News Coverage for CVE-2026-54388 (1)
Same Patch Batch · tinyproxy · 2026-06-17 · 3 CVEs total
| CVE-2026-54387 | 9.1 CRITICAL | Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization |
| CVE-2026-55202 | 8.2 HIGH | Tinyproxy - Stathost Detection Bypass via Host Header Manipulation |
IV. Related Vulnerabilities
Same product: tinyproxy
Same weakness: CWE-444
- CVE-2026-48979
PHP Standard Library: HTTP/2 server-side missing content-len - CVE-2026-54387
Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronizati - CVE-2026-50020
Netty's HttpObjectDecoder skips arbitrary initial control ch - CVE-2026-6338
HTTP request smuggling in Kong Enteprise Gateway - CVE-2026-41853
Spring Framework Multipart Request Smuggling in Spring MVC a
V. Comments for CVE-2026-54388
No comments yet