Improper Certificate Validation Affecting cpp-httplib package, versions [0.39.0,0.47.0)


Severity

Recommended
0.0
critical
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.26% (18th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-CONAN-CPPHTTPLIB-17950407
  • published11 Jul 2026
  • disclosed10 Jul 2026
  • creditUnknown

Introduced: 10 Jul 2026

NewCVE-2026-54919  (opens in a new tab)
CWE-295  (opens in a new tab)

How to fix?

Upgrade cpp-httplib to version 0.47.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Certificate Validation in the SSLClient and Client processes in HTTPS mode when connecting to an IP-literal host with server certificate verification enabled. An attacker can intercept and manipulate encrypted traffic by presenting a crafted certificate, potentially reading or modifying sensitive data in transit. This is only exploitable if the library is built with either CPPHTTPLIB_MBEDTLS_SUPPORT or CPPHTTPLIB_WOLFSSL_SUPPORT and connections are made to IP-literal hosts.

CVSS Base Scores

version 4.0
version 3.1