CVE-2026-1525 | undici 1.1 Strict HTTP Parser request smuggling (GHSA-2mjp-6q6p-2qxm)

A vulnerability was found in undici 1.1. It has been classified as critical. The impacted element is an unknown function of the component Strict HTTP Parser. Performing a manipulation results in http request smuggling.

This vulnerability is known as CVE-2026-1525. Remote exploitation of the attack is possible. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More