A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the `Content-Length` header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large `Content-Length` value can trigger excessive memory allocation and server termination, even without sending a request body.
CVE-2026-5440
NONE
EPSS 1.64%
Updated Apr 09, 2026
CVE Details
CVE ID
CVE-2026-5440
Published Date
Apr 09, 2026
Vendor
Not specified
Severity
NONE
Exploit Prediction (EPSS)
Probability of Exploit
1.64%
Likelihood of exploitation in next 30 days
Percentile:
82.0th percentile (higher than 82.0% of all CVEs)
Standard patching cycle
Impact
Minimal impact
Source
View Advisory