Home / Vulnerability Intelligence / CVE-2026-32627

CVE-2026-32627 - Vulnerability Analysis

HighCVSS: 8.7

Last Updated: March 17, 2026

cpp-httplib - Authentication Bypass

Published: March 16, 2026Updated: March 17, 2026PoC AvailableRemote Exploitable

Overview

cpp-httplib < 0.37.2 contains a broken authentication caused by disabled TLS certificate and hostname verification on HTTPS redirects when using proxy and follow location, letting network attackers intercept redirected HTTPS connections, exploit requires attacker to control redirect response.

Severity & Score

Severity: High

CVSS Score: 8.7

EPSS Score: 1.8%(Probability of exploitation in next 30 days)

Impact

Network attackers can intercept redirected HTTPS connections, capturing credentials and session tokens, leading to full man-in-the-middle attacks.

Mitigation

Update to version 0.37.2 or later.

References

https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-c3h8-fqq4-xm4g

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 16, 2026

🟠 CVE-2026-32627 - High (8.7) cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.2, when a cpp-httplib client is configured with a proxy and set_follow_location(true), any HTTPS redirect it follows will have TLS certificate and host... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32627/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32627
Severity: High
CVSS Score: 8.7
Type: broken_authentication
Status: confirmed
EPSS: 1.8%
Social Posts: 1

CWE

CWE-295

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

EPSS Score

1.8%Probability of exploitation in the next 30 days