CVE-2026-2835
Published: 05 March 2026
Summary
CVE-2026-2835 is a critical-severity HTTP Request/Response Smuggling (CWE-444) vulnerability in Cloudflare Pingora. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 4.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires timely remediation of the specific HTTP request smuggling flaw in Pingora by upgrading to v0.8.0 or higher, directly eliminating the parsing vulnerability.
Mandates validation of incoming HTTP requests to reject malformed HTTP/1.0 bodies, invalid Content-Length values, or multiple Transfer-Encoding headers, preventing request desynchronization.
Ensures proxy configuration settings strictly enforce HTTP/1.1 only, reject ambiguous framing, and forward single Transfer-Encoding: chunked headers, as implemented by unaffected systems like Cloudflare's CDN.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE directly describes remote exploitation of a public-facing Pingora proxy (T1190) via crafted HTTP/1.0 smuggling requests. The resulting desync enables cross-user session hijacking (T1185) and proxy-level request/response manipulation equivalent to adversary-in-the-middle positioning (T1557).
NVD Description
An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora's request framing from backend servers'.

Impact

This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to:

- Bypass proxy-level ACL controls and WAF logic
- Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests
- Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP

Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests.

Mitigation

Pingora users should upgrade to Pingora v0.8.0 or higher, which fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has an invalid Content-Length, multiple Transfer-Encoding headers, or a Transfer-Encoding header that is not an exact “chunked” string match.
Deeper analysis
CVE-2026-2835 is an HTTP Request Smuggling vulnerability (CWE-444) in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue stems from improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, enabling attackers to desync Pingora’s request framing from backend servers. It carries a CVSS v3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) and primarily affects standalone Pingora deployments positioned in front of backends that accept HTTP/1.0 requests.
Remote attackers require no privileges or user interaction to exploit this vulnerability by crafting malicious HTTP/1.0 requests that Pingora forwards to backends. Exploitation enables bypassing proxy-level ACL controls and WAF logic, poisoning caches and upstream connections so subsequent legitimate user requests receive responses intended for smuggled payloads, and performing cross-user attacks such as hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP.
Advisories recommend upgrading to Pingora v0.8.0 or higher, which addresses the issue by correctly parsing message length headers per RFC 9112 and strictly adhering to RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, implement request filter logic to reject and stop processing non-HTTP/1.1 requests, those with invalid Content-Length values, multiple Transfer-Encoding headers, or Transfer-Encoding headers not exactly matching the string “chunked,” while disabling downstream connection reuse.
Cloudflare's CDN infrastructure was not affected, as its ingress proxy layers forward only HTTP/1.1 requests, reject ambiguous framing such as invalid Content-Length values, and forward a single Transfer-Encoding: chunked header for chunked requests. Additional details are available at https://github.com/cloudflare/pingora.
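The workaround described in the advisory and restated above (reject non-HTTP/1.1 requests, invalid Content-Length values, multiple Transfer-Encoding headers, and any Transfer-Encoding that is not exactly "chunked") reduces to a small framing check. The Rust below is an added example, not Pingora's own code: it assumes the caller has already parsed the request line and headers into a version string and (name, value) pairs, and it adds one rule beyond the advisory, rejecting a request that carries both Content-Length and Transfer-Encoding, which RFC 9112 §6.3 permits a server to do.

```rust
// Added example: framing checks mirroring the CVE-2026-2835 workaround.
// Assumption: headers are (name, value) pairs as parsed from the request;
// a real Pingora request_filter would call this, answer with an error on
// Err, stop reading the connection and disable downstream reuse.

#[derive(Debug, PartialEq)]
pub enum Reject {
    NotHttp11,
    InvalidContentLength,
    MultipleTransferEncoding,
    TransferEncodingNotChunked,
    ConflictingFraming,
}

/// Ok(()) when the message framing is unambiguous, else why to reject it.
pub fn check_framing(version: &str, headers: &[(&str, &str)]) -> Result<(), Reject> {
    // 1. Only HTTP/1.1: the bug let HTTP/1.0 bodies be close-delimited.
    if version != "HTTP/1.1" {
        return Err(Reject::NotHttp11);
    }
    let cl: Vec<&str> = headers
        .iter()
        .filter(|(n, _)| n.eq_ignore_ascii_case("content-length"))
        .map(|(_, v)| v.trim()) // optional whitespace around the value is allowed
        .collect();
    let te: Vec<&str> = headers
        .iter()
        .filter(|(n, _)| n.eq_ignore_ascii_case("transfer-encoding"))
        .map(|(_, v)| *v) // no trimming: the advisory asks for an exact match
        .collect();
    // 2. Content-Length must be plain ASCII digits that fit a u64 (no sign,
    //    no empty value), and repeated copies must all agree.
    for v in &cl {
        if !v.bytes().all(|b| b.is_ascii_digit()) || v.parse::<u64>().is_err() {
            return Err(Reject::InvalidContentLength);
        }
    }
    if cl.windows(2).any(|w| w[0] != w[1]) {
        return Err(Reject::InvalidContentLength);
    }
    // 3. At most one Transfer-Encoding header, and it must be exactly "chunked".
    if te.len() > 1 {
        return Err(Reject::MultipleTransferEncoding);
    }
    if let Some(v) = te.first() {
        if *v != "chunked" {
            return Err(Reject::TransferEncodingNotChunked);
        }
        // 4. Added rule (assumption): CL together with TE is ambiguous framing.
        if !cl.is_empty() {
            return Err(Reject::ConflictingFraming);
        }
    }
    Ok(())
}
```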
Details
- CWE(s)