5.3
cpp-httplib Exposes Internal Error Messages to Any Client
CVE-2026-28434
Summary
A bug in cpp-httplib, a C++ library for building HTTP/HTTPS servers, sends internal exception messages to any client when a request handler throws an exception and the application has not registered its own exception handler. The message is returned in a response header named EXCEPTION_WHAT, so it could reveal sensitive information to attackers. To fix this, update to version 0.35.0 or later, or explicitly register an exception handler with set_exception_handler() to prevent exception messages from being sent to clients.
What to do
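Update cpp-httplib to version 0.35.0 or later. If you cannot update yet, register an exception handler via set_exception_handler() so that exception messages are not sent to clients.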
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| yhirose | cpp-httplib | <= 0.35.0 | – |
Original title
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exce...
Original description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom exception handler via set_exception_handler(), the library catches the exception and writes its message directly into the HTTP response as a header named EXCEPTION_WHAT. This header is sent to whoever made the request, with no authentication check and no special configuration required to trigger it. The behavior is on by default. A developer who does not know to opt in to set_exception_handler() will ship a server that leaks internal exception messages to any client. This vulnerability is fixed in 0.35.0.
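A regression check for the behavior described above, as an added example that is not part of the advisory or of cpp-httplib: it scans a raw HTTP response for the EXCEPTION_WHAT header, matching the name case-insensitively and ignoring anything in the body. The function name `leaks_exception_what` and both sample responses are constructed for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>

// HTTP header names are case-insensitive, so compare in lower case.
static std::string to_lower(std::string s) {
    for (char &c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

static std::string trim(const std::string &s) {
    auto b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Returns true when the header block of a raw response carries EXCEPTION_WHAT;
// the leaked text is copied to *leaked if given. The scan stops at the blank
// line ending the headers, so body text is never flagged.
bool leaks_exception_what(const std::string &raw, std::string *leaked = nullptr) {
    std::istringstream in(raw);
    std::string line;
    std::getline(in, line);  // skip the status line
    while (std::getline(in, line)) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.empty()) break;  // end of headers
        auto colon = line.find(':');
        if (colon == std::string::npos) continue;
        if (to_lower(trim(line.substr(0, colon))) != "exception_what") continue;
        if (leaked) *leaked = trim(line.substr(colon + 1));
        return true;
    }
    return false;
}

// Constructed sample responses (not captured from a real server).
const std::string kLeaky = "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Length: 0\r\n"
    "exception_what: open /srv/app/users.db: permission denied\r\n\r\n";
const std::string kClean = "HTTP/1.1 500 Internal Server Error\r\n"
    "Content-Type: text/plain\r\n\r\n"
    "EXCEPTION_WHAT: appears only in the body\n";

int main() {
    std::string msg;
    if (leaks_exception_what(kLeaky, &msg)) std::cout << "leak: " << msg << "\n";
    std::cout << "clean flagged: " << leaks_exception_what(kClean) << "\n";
    return 0;
}
```

Feeding it responses captured from a staging server after forcing a handler to throw gives a pass/fail signal that the upgrade or the registered exception handler is in effect.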
nvd CVSS3.1
5.3
Vulnerability type
CWE-200
Information Exposure
- https://github.com/yhirose/cpp-httplib/commit/defd907c7469c5c8281247b73bbd07be24... (Patch)
- https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-8mpw-r4gc-xm7q (Exploit, Mitigation, Vendor Advisory)
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026