cpp-httplib vulnerability
Published: Thu, 25 Jun 2026 07:53
Summary
cpp-httplib could mishandle HTTP requests if it received specially crafted network traffic.
Details
It was discovered that cpp-httplib incorrectly percent-decoded HTTP request header values. A remote attacker could use this to inject crafted header content, possibly leading to response splitting, log injection or proxy smuggling.
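An added illustration (not cpp-httplib's code and not part of the advisory) of why percent-decoding header values matters: a value that is clean on the wire can contain CR/LF once decoded, so the hardened path validates the received bytes and stores them undecoded. All function names and the sample value are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <string>

static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

// Decodes %XX escapes the way a URL-path decoder would (illustrative helper).
std::string percent_decode(const std::string& in) {
    std::string out;
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '%' && i + 2 < in.size()) {
            int hi = hex_val(in[i + 1]), lo = hex_val(in[i + 2]);
            if (hi >= 0 && lo >= 0) {
                out.push_back(static_cast<char>(hi * 16 + lo));
                i += 2;
                continue;
            }
        }
        out.push_back(in[i]);
    }
    return out;
}

// RFC 9110 section 5.5: field values containing CR, LF or NUL are invalid.
bool is_safe_field_value(const std::string& v) {
    for (unsigned char c : v)
        if (c == '\r' || c == '\n' || c == '\0') return false;
    return true;
}

// Hardened handling: validate the bytes as received and store them undecoded.
bool accept_header_value(const std::string& raw, std::string& stored) {
    if (!is_safe_field_value(raw)) return false;
    stored = raw;
    return true;
}

// True when a value passes the wire-level check but breaks once decoded.
bool unsafe_after_decode(const std::string& raw) {
    return is_safe_field_value(raw) && !is_safe_field_value(percent_decode(raw));
}

int main() {
    const std::string sample = "en%0d%0aX-Constructed: 1";  // constructed input
    std::cout << "unsafe after decode: " << unsafe_after_decode(sample) << "\n";
}
```

Anything that later reflects a header value into a response, a log line or an upstream request should apply the same CR/LF/NUL check to the exact bytes it is about to write.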
Recommended actions per Ubuntu release
StackPatch playbook auto-generated per release codename and per affected package.
Ubuntu jammy
cpp-httplib → 0.10.3+ds-1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.10.3+ds-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y cpp-httplib=0.10.3+ds-1ubuntu0.1~esm2

libcpp-httplib-dev → 0.10.3+ds-1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.10.3+ds-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib-dev=0.10.3+ds-1ubuntu0.1~esm2

libcpp-httplib0 → 0.10.3+ds-1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.10.3+ds-1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib0=0.10.3+ds-1ubuntu0.1~esm2

Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu noble
cpp-httplib → 0.14.3+ds-1.1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.14.3+ds-1.1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y cpp-httplib=0.14.3+ds-1.1ubuntu0.1~esm2

libcpp-httplib-dev → 0.14.3+ds-1.1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.14.3+ds-1.1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib-dev=0.14.3+ds-1.1ubuntu0.1~esm2

libcpp-httplib0.14t64 → 0.14.3+ds-1.1ubuntu0.1~esm2 (apt_upgrade_esm)
Fixed at 0.14.3+ds-1.1ubuntu0.1~esm2 — ESM-only. Enable Ubuntu Pro (free for 5 personal machines) or treat as watch item.
sudo pro attach <token>
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib0.14t64=0.14.3+ds-1.1ubuntu0.1~esm2

Sign up at https://ubuntu.com/pro. Free for personal + small-team use.
Ubuntu questing
cpp-httplib → 0.18.7-1ubuntu0.25.10.2 (apt_upgrade)
Standard apt upgrade. Install 0.18.7-1ubuntu0.25.10.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y cpp-httplib

libcpp-httplib-dev → 0.18.7-1ubuntu0.25.10.2 (apt_upgrade)
Standard apt upgrade. Install 0.18.7-1ubuntu0.25.10.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib-dev

libcpp-httplib0.18 → 0.18.7-1ubuntu0.25.10.2 (apt_upgrade)
Standard apt upgrade. Install 0.18.7-1ubuntu0.25.10.2 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib0.18

Most apt upgrades restart their service automatically. needrestart lists anything else.
Ubuntu resolute
cpp-httplib → 0.26.0+ds-2ubuntu3+esm1 (apt_upgrade)
Standard apt upgrade. Install 0.26.0+ds-2ubuntu3+esm1 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y cpp-httplib

libcpp-httplib-dev → 0.26.0+ds-2ubuntu3+esm1 (apt_upgrade)
Standard apt upgrade. Install 0.26.0+ds-2ubuntu3+esm1 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib-dev

libcpp-httplib0.26 → 0.26.0+ds-2ubuntu3+esm1 (apt_upgrade)
Standard apt upgrade. Install 0.26.0+ds-2ubuntu3+esm1 from the apt repo.
sudo apt-get update
sudo apt-get install --only-upgrade -y libcpp-httplib0.26

Most apt upgrades restart their service automatically. needrestart lists anything else.
Are YOU affected by USN-8470-1?
5-second check on your actual server. Reads /etc/os-release, uname -r, and dpkg-query; matches against the live USN + Debian Security Tracker feeds; tells you whether USN-8470-1 (and any other live CVE) applies. Anonymous, no signup.
curl https://mindsparkstack.com/scan.sh | bash