CVE-2026-58055

ADVISORY - debian

Summary

nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection headers while passing Content-Length verbatim. A backend that resolves the resulting ambiguous message in the attacker's favor enables HTTP request/response smuggling and cross-client response-queue poisoning.

nghttp2 (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1140917) https://github.com/bikini/exploitarium/tree/main/nghttp2-nghttpx-upgrade-queue-poison-poc https://github.com/nghttp2/nghttp2/commit/ab28105c4a0197da24f8bfc414bc116055249e1e

EPSS Score⁠: 0.00202 (0.102)

Common Weakness Enumeration (CWE)

Impacted images

Advisories

Debian

CREATED

4 hours ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-58055⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY