CVE-2026-23527 | h3js h3 up to 1.15.4 HTTP Request readRawBody request smuggling

January 15, 2026 Yanac

A vulnerability marked as problematic has been reported in h3js h3 up to 1.15.4. Impacted is the function readRawBody of the component HTTP Request Handler. This manipulation causes http request smuggling.

This vulnerability is handled as CVE-2026-23527. The attack can be initiated remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More