Akamai CDN edge servers process custom HTTP headers incorrectly

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

4.0

Akamai CDN edge servers process custom HTTP headers incorrectly

CVE-2026-26365

Summary

Akamai CDN edge servers may incorrectly process certain HTTP headers, which could lead to the origin server misinterpreting the request, causing potential security risks. This affects Akamai customers who use these edge servers. To protect against this issue, update your Akamai CDN edge servers to the latest version by February 6, 2026.

Original title

Original description

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could result in the origin server parsing the request body incorrectly, leading to HTTP request smuggling.

nvd CVSS3.1 4.0

Vulnerability type

CWE-444

https://www.akamai.com/blog/security-research/cve-2026-26365-incorrect-processin...

Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026