CVE-2026-39805 | mtrudel bandit up to 1.10.x HTTP Request lib/bandit/headers.ex Elixir.bandit.Headers:get_content_length request smuggling (GHSA-c67r-gc9j-2qf7 / EUVD-2026-26712)

A vulnerability labeled as critical has been found in mtrudel bandit up to 1.10.x. Affected by this issue is the function Elixir.bandit.Headers:get_content_length in the library lib/bandit/headers.ex of the component HTTP Request Handler. Executing a manipulation can lead to http request smuggling.

This vulnerability is registered as CVE-2026-39805. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.VulDB Recent EntriesRead More