{"id":"CVE-2026-4742","summary":"HTTP Request Smuggling in visualfc/liteide","details":"Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C.\n\nThis issue affects liteide: before x38.4.","modified":"2026-07-08T08:13:48.060663340Z","published":"2026-03-24T03:24:06.460Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4742.json","cwe_ids":["CWE-444"],"cna_assigner":"GovTech CSG"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4742.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4742"},{"type":"FIX","url":"https://github.com/visualfc/liteide/pull/1325"},{"type":"PACKAGE","url":"https://github.com/visualfc/liteide"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/visualfc/liteide","events":[{"introduced":"0"},{"fixed":"d7bee3ab2113ef373845673262369e502caef6b3"}],"database_specific":{"source":["AFFECTED_FIELD","DESCRIPTION"],"extracted_events":[{"introduced":"0"},{"fixed":"x38.4"}]}}],"versions":["x38.3","x38.2.1","x38.2","x38.1","x38.0","x37.4","x37.3","x37.2","x37.1","x37","x36.3","x36.2","x36.1","x36","x35.5","x35.4","x35.3","x35.2","x35.1","x35","x34.3","x34.2","x34.1","x34","x33.3","x33.2","x33.1","x33","x32.2","x32.1","x32","x31.1","x31","x30.3","x30.2","x30.1","x30","x29","x28","x27.2.1","x27.2","x27.1","x27","x26","x25.2","x25.1","x25","X25","x19","x18.2","x18.1","x18","x17","x16","x15.2","x15.1","x15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4742.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green"}]}