{"id":"CVE-2026-40561","summary":"Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence","details":"Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence.\n\nStarlet incorrectly prioritizes \"Content-Length\" over \"Transfer-Encoding: chunked\" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.\n\nAn attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.","modified":"2026-07-08T08:12:34.487963527Z","published":"2026-05-03T00:57:31.519Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40561.json","cwe_ids":["CWE-444"],"cna_assigner":"CPANSec"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2026/05/03/1"},{"type":"WEB","url":"https://cpan.org/modules"},{"type":"WEB","url":"https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.3"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40561.json"},{"type":"ADVISORY","url":"https://metacpan.org/release/KAZUHO/Starlet-0.32/changes"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40561"},{"type":"FIX","url":"https://github.com/kazuho/Starlet/commit/a7d5dfd1862aafa43e5eaca0fdb6acf4cc15b2d0.patch"},{"type":"PACKAGE","url":"https://github.com/kazuho/Starlet"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kazuho/starlet","events":[{"introduced":"0"},{"fixed":"a7d5dfd1862aafa43e5eaca0fdb6acf4cc15b2d0"}],"database_specific":{"cpe":"cpe:2.3:a:kazuho:starlet:*:*:*:*:*:perl:*:*","source":["CPE_RANGE","REFERENCES"],"extracted_events":[{"introduced":"0"},{"last_affected":"0.31"}]}}],"versions":["0.31","0.30","0.29","0.28","0.27_01","0.26","0.25","0.24","0.23","0.22","0.21","0.20","0.18","0.17_01","0.16","0.15","0.14","0.13","0.12","0.11","0.10","0.08","0.07","0.05","0.04","0.01"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-40561.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}]}