CVE-2026-45300 | AsyncHttpClient async-http-client up to 2.14.x/3.0.9 Session Cookie Redirect30xInterceptor.java propagatedHeaders information disclosure (GHSA-fmxf-pm6p-7xgm)

A vulnerability described as problematic has been identified in AsyncHttpClient async-http-client up to 2.14.x/3.0.9. Affected by this issue is the function propagatedHeaders of the file Redirect30xInterceptor.java of the component Session Cookie Handler. Such manipulation leads to information disclosure.

This vulnerability is documented as CVE-2026-45300. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More