CVE-2026-54399

Summary

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core (5.4.2 and earlier, 5.5-beta1 and earlier) allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive header length

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache HttpComponents Core5.5-alpha <= 5.5-beta1affected
Apache Software FoundationApache HttpComponents Core5.0-alpha <= 5.4.2affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References