{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32239", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-11T14:47:05.684Z", "datePublished": "2026-03-12T19:33:25.052Z", "dateUpdated": "2026-03-13T16:15:03.051Z"}, "containers": {"cna": {"title": "Cap'n Proto has an integer overflow in KJ-HTTP", "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "lang": "en", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"}, {"name": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "tags": ["x_refsource_MISC"], "url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36"}, {"name": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "tags": ["x_refsource_MISC"], "url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0"}, {"name": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "tags": ["x_refsource_MISC"], "url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz"}, {"name": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "tags": ["x_refsource_MISC"], "url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip"}], "affected": [{"vendor": "capnproto", "product": "capnproto", "versions": [{"version": "< 1.4.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:33:25.052Z"}, "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}], "source": {"advisory": "GHSA-qjx3-pp3m-9jpm", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-13T16:14:56.683931Z", "id": "CVE-2026-32239", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-13T16:15:03.051Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Cap'n Proto has an integer overflow in KJ-HTTP", "source": {"advisory": "GHSA-qjx3-pp3m-9jpm", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW"}}], "affected": [{"vendor": "capnproto", "product": "capnproto", "versions": [{"status": "affected", "version": "< 1.4.0"}]}], "references": [{"url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "name": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "name": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "name": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0", "tags": ["x_refsource_MISC"]}, {"url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "name": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz", "tags": ["x_refsource_MISC"]}, {"url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "name": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-12T19:33:25.052Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32239", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-13T16:14:56.683931Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-13T16:14:59.764Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-32239", "state": "PUBLISHED", "dateUpdated": "2026-03-12T19:33:25.052Z", "dateReserved": "2026-03-11T14:47:05.684Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-12T19:33:25.052Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*", "matchCriteriaId": "8055977B-A05F-42A9-8EEF-ED19D74C1319", "versionEndExcluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0."}, {"lang": "es", "value": "Cap'n Proto es un formato de intercambio de datos y un sistema RPC basado en capacidades. Antes de la versi\u00f3n 1.4.0, un valor negativo de Content-Length se convert\u00eda a sin signo, trat\u00e1ndolo en su lugar como una longitud imposiblemente grande. En teor\u00eda, este error podr\u00eda permitir el contrabando de solicitudes/respuestas HTTP. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 1.4.0."}], "id": "CVE-2026-32239", "lastModified": "2026-03-18T16:55:37.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-12T20:16:05.010", "references": [{"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://capnproto.org/capnproto-c++-1.4.0.tar.gz"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://capnproto.org/capnproto-c++-win32-1.4.0.zip"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}, {"lang": "en", "value": "CWE-444"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "capnproto: Cap'n Proto has an integer overflow in KJ-HTTP", "id": "2447106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447106"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-681", "details": ["A flaw was found in the KJ-HTTP component of Cap\u2019n Proto. When processing HTTP messages, a negative Content-Length value could be implicitly converted to an unsigned integer, resulting in an extremely large length value. An attacker could exploit this behavior by sending specially crafted HTTP messages containing negative Content-Length values. This may lead to inconsistent interpretation of HTTP message boundaries and could theoretically enable HTTP request or response smuggling scenarios in applications that rely on Cap\u2019n Proto\u2019s HTTP implementation."], "mitigation": {"lang": "en:us", "value": "Red Hat is not aware of a practical temporary workaround that fully mitigates this issue or meets Red Hat Product Security's standards for usability, deployment, applicability, or stability."}, "name": "CVE-2026-32239", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "capnproto", "product_name": "Red Hat Enterprise Linux 10"}], "public_date": "2026-03-12T19:33:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32239\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32239\nhttps://capnproto.org/capnproto-c++-1.4.0.tar.gz\nhttps://capnproto.org/capnproto-c++-win32-1.4.0.zip\nhttps://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36\nhttps://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0\nhttps://github.com/capnproto/capnproto/security/advisories/GHSA-qjx3-pp3m-9jpm"], "statement": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires the attacker to craft malformed HTTP messages containing negative Content-Length values that trigger the integer conversion behavior in the KJ-HTTP parser. Such malformed inputs are not typically generated during normal HTTP communication and may be rejected or normalized by intermediate HTTP components such as proxies or load balancers or front-end servers before reaching the affected parser. The potential impact is also limited to inconsistent interpretation of HTTP request boundaries, which could enable limited request smuggling scenarios depending on application architecture. The vulnerability does not directly allow remote code execution or service crashes.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.4.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "capnproto", "source": "cna", "vendor": "capnproto"}, "product": "capnproto", "vendor": "capnproto"}], "analysis": {"en": {"generated_at": "2026-03-18T19:06:56.836307+00:00", "value": {"mitigation_remediation": ["Upgrade Cap'n Proto to version 1.4.0 or later.", "Rebuild or redeploy applications that link against Cap'n Proto with the updated library.", "Verify that no older Cap'n Proto versions remain in deployed environments.", "Monitor network traffic for anomalous HTTP requests that may indicate smuggling attempts."], "summary": {"action": "Patch", "impact": "HTTP request smuggling"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Cap'n Proto releases prior to 1.4.0. Any software that embeds the KJ-HTTP component from these versions is potentially vulnerable. The fix was introduced in version 1.4.0.", "description_and_impact": "Cap'n Proto\u2019s KJ-HTTP library contains an integer overflow caused by converting a negative Content-Length header to an unsigned value, resulting in an unrealistically large length. This flaw can theoretically allow an attacker to craft HTTP requests or responses that could be mistakenly merged or split by a server, leading to HTTP request smuggling. The weakness is classified as CWE-190, CWE-444, and CWE-681.", "risk_and_exploitability": "The CVSS base score of 6.3 indicates moderate severity. The EPSS score is below 1\u202f%, and the issue is not listed in the CISA KEV catalog, suggesting a low likelihood of current exploitation. The attack vector would require an attacker to send malicious HTTP traffic to a target that uses the vulnerable library; this is inferred from the nature of the bug, as the description does not state a confirmed exploitation path. Overall, the risk is moderate, but actual exploitation would demand a reachable HTTP endpoint and a client capable of sending the crafted headers."}}}}, "created": "2026-03-13T09:50:05.440985+00:00", "updated": "2026-03-23T09:54:53.501985+00:00", "vendors": ["capnproto", "capnproto$PRODUCT$capnproto"]}