{ "variant_id": "CVE-2026-34441-HEAD-VARIANT", "created_at": "2026-04-03T15:45:00Z", "variant_summary": "HTTP Request Smuggling via HEAD request body (variant of GET request smuggling). HEAD requests to static file mount points with Content-Length header leave body unconsumed, enabling request smuggling on keep-alive connections.", "relation": "newer_version_sibling", "origin_kind": "pruva_variant", "repository": "https://github.com/yhirose/cpp-httplib", "submitted_target": { "target_kind": "git_tag", "version": "v0.38.0", "display": "v0.38.0" }, "variant_target": { "target_kind": "git_tag", "commit_sha": "6f2717e97f5e5dbd35178c0f2d9d6c9496a0d90c", "version": "v0.38.0", "display": "v0.38.0" }, "same_root_cause_confidence": "high", "same_surface_confidence": "high", "claimed_surface": "library_api", "validated_surface": "library_api", "required_entrypoint_kind": "http_server_endpoint", "required_entrypoint_detail": "Static file mount points (HEAD method to /path)", "attacker_controlled_input": "HTTP HEAD request with Content-Length header and body containing smuggled second request", "trigger_path": "Server::routing() -> handle_file_request() early return for HEAD without body consumption", "observed_impact_class": "http_request_smuggling", "exploitability_confidence": "high", "evidence_scope": "realistic_harness", "runtime_manifest_present": true, "end_to_end_target_reached": true, "inferred": false, "file_path": "httplib.h", "line_start": 11629, "line_end": 11631, "secondary_anchors": [ { "file_path": "httplib.h", "line_start": 8543, "line_end": 8550 } ], "review_scope_paths": [ "httplib.h" ], "artifact_refs": { "variant_manifest": "vuln_variant/variant_manifest.json", "validation_verdict": "vuln_variant/validation_verdict.json", "runtime_manifest": "logs/vuln_variant/final_variant_results.json", "repro_log": "logs/vuln_variant/test_run.log", "reproducer": [ "vuln_variant/reproduction_steps.sh" ] } }