{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/credential-leak/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cpp-httplib","credential-leak","cve-2026-33745","http-redirect","credential-access","cross-origin"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003ecpp-httplib, a C++11 single-file, header-only, cross-platform HTTP/HTTPS library, re-sends stored authentication credentials across origins when it follows HTTP redirects (CVE-2026-33745, fixed in version 0.39.0). In versions prior to 0.39.0, a client configured with Basic, Bearer token, or Digest credentials that follows a 301, 302, 307, or 308 response copies its \u003ccode\u003eAuthorization\u003c/code\u003e header onto the redirected request regardless of which host the \u003ccode\u003eLocation\u003c/code\u003e header names. A compromised or malicious server can therefore redirect the client to a host under the attacker\u0026rsquo;s control and capture the header. What the attacker obtains depends on the scheme: Basic carries the username and password base64-encoded, which is encoding rather than protection; Bearer carries a token that is directly reusable; Digest carries a response hash derived from the password and the original server\u0026rsquo;s nonce rather than the password itself, but that hash is still exposed to offline cracking. cpp-httplib only follows redirects when the application has enabled it with \u003ccode\u003eset_follow_location(true)\u003c/code\u003e, so the exposed population is authenticated clients that opted in; for those clients every server they contact becomes a potential credential sink. Upgrading to 0.39.0 resolves the issue.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker controls an HTTP server the victim client will contact, either by compromising a legitimate server the client already authenticates to or by standing up a malicious one and inducing the client to request it.\u003c/li\u003e\n\u003cli\u003eThe client, built on cpp-httplib prior to 0.39.0 with redirect following enabled and Basic, Bearer, or Digest credentials configured, requests a resource from that server.\u003c/li\u003e\n\u003cli\u003eThe server answers with a 301, 302, 307, or 308 status and a \u003ccode\u003eLocation\u003c/code\u003e header pointing at a host the attacker controls.\u003c/li\u003e\n\u003cli\u003eThe library follows the redirect and, without checking that the new host matches the origin the credentials were configured for, attaches the stored \u003ccode\u003eAuthorization\u003c/code\u003e header to the new request and sends it to the attacker\u0026rsquo;s host.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s server logs the incoming \u003ccode\u003eAuthorization\u003c/code\u003e header and recovers the credential: the decoded username and password, the bearer token, or the digest response for offline cracking.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the recovered credential against the original service, or against any other system where the same secret is valid.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-33745 gives the attacker a working credential for whatever the client authenticates to, so the impact ranges from unauthorized access to a single account or API to compromise of the application and the systems behind it, depending on what the stolen credential is authorized to do. Exposure only requires that the client follow a redirect from a server the attacker influences, which includes legitimate servers that have been compromised or that expose an open redirect. Because cpp-httplib is header-only and typically vendored into each project rather than installed as a shared package, the vulnerable code is spread across many independently built applications, which makes the affected population hard to enumerate and slow to patch.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to cpp-httplib 0.39.0 or later. Because the library is vendored as a single header, it will not appear in OS or language package inventories; search source trees for \u003ccode\u003ehttplib.h\u003c/code\u003e and check the \u003ccode\u003eCPPHTTPLIB_VERSION\u003c/code\u003e macro in each copy to find builds that need the update.\u003c/li\u003e\n\u003cli\u003eWhere upgrading is not immediately possible, leave redirect following off (the library default) on any client that holds credentials, and handle \u003ccode\u003eLocation\u003c/code\u003e in application code: create a fresh \u003ccode\u003ehttplib::Client\u003c/code\u003e for the target origin and configure credentials on it only when that origin is the one they belong to.\u003c/li\u003e\n\u003cli\u003eAt the network edge, an egress proxy cannot tell a redirect follow-up from any other request, but it can enforce an allowlist of destination hosts that are permitted to receive requests carrying an \u003ccode\u003eAuthorization\u003c/code\u003e header; apply that policy to hosts running affected clients.\u003c/li\u003e\n\u003cli\u003eMonitor for the request in step 4 of the attack chain: an \u003ccode\u003eAuthorization\u003c/code\u003e header sent to a host outside the allowlist, especially when the same client contacted a known service moments earlier. Treat credentials held by clients that were vulnerable and talked to untrusted or compromised servers as exposed and rotate them.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T01:16:21Z","date_published":"2026-03-27T01:16:21Z","id":"/briefs/2026-03-cpp-httplib-credential-leak/","summary":"cpp-httplib prior to version 0.39.0 re-sends stored Basic, Bearer, and Digest credentials when following cross-origin HTTP redirects, allowing a malicious or compromised server to capture them.","title":"cpp-httplib Vulnerability Leads to Credential Leakage via HTTP Redirects","url":"https://feed.craftedsignal.io/briefs/2026-03-cpp-httplib-credential-leak/"}],"language":"en","title":"CraftedSignal Threat Feed — Credential-Leak","version":"https://jsonfeed.org/version/1.1"}
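The redirect behaviour in the brief above, as an added example that is not cpp-httplib's own code and not taken from the advisory: a plain C++17 model of a redirect-following client with no network access. With `strip_cross_origin=false` it reproduces the pre-0.39.0 behaviour (the stored `Authorization` header follows the `Location` header to whatever host it names); with `true` it applies the same-origin rule a fixed client needs. The hostnames, paths, and the `user:pass` credential are constructed for the example, and the URL parser assumes plain hostnames.

```cpp
// Added example, not cpp-httplib's own code: a plain C++17 model of a client
// that follows redirects. strip_cross_origin=false mirrors the pre-0.39.0
// behaviour described above; true applies the same-origin rule a fixed client
// needs. No network: servers are an in-memory table of constructed responses.
#include <map>
#include <optional>
#include <string>
#include <utility>
#include <vector>
using Headers = std::map<std::string, std::string>;

struct Origin {
    std::string scheme, host; int port = 0;
    bool operator==(const Origin &o) const { return scheme == o.scheme && host == o.host && port == o.port; }
};

// Parse "scheme://host[:port][/path]" into (origin, path). Default ports are filled
// in so "https://h" equals "https://h:443". Assumption: plain hostnames, no IPv6 literals.
static std::optional<std::pair<Origin, std::string>> parse_url(const std::string &url) {
    auto sep = url.find("://");
    if (sep == std::string::npos) return std::nullopt;
    std::string rest = url.substr(sep + 3);
    auto slash = rest.find('/');
    std::string authority = rest.substr(0, slash);
    Origin o{url.substr(0, sep), authority, 0};
    auto colon = authority.rfind(':');
    if (colon == std::string::npos) {
        o.port = (o.scheme == "https") ? 443 : 80;
    } else {
        o.host = authority.substr(0, colon);
        try { o.port = std::stoi(authority.substr(colon + 1)); } catch (...) { return std::nullopt; }
    }
    if (o.host.empty()) return std::nullopt;
    return std::make_pair(o, slash == std::string::npos ? std::string("/") : rest.substr(slash));
}

// Resolve a Location header against the origin that sent it (relative paths simplified).
static std::optional<std::pair<Origin, std::string>> resolve_location(const Origin &cur, const std::string &loc) {
    if (loc.rfind("//", 0) == 0) return parse_url(cur.scheme + ":" + loc);  // scheme-relative
    if (!loc.empty() && loc[0] == '/') return std::make_pair(cur, loc);     // same origin
    if (auto abs = parse_url(loc)) return abs;                             // absolute URL
    return std::make_pair(cur, "/" + loc);
}

// True when a redirect from from_url to location stays on the same scheme/host/port
// and so may carry the Authorization header. Unparseable input fails closed.
bool redirect_keeps_authorization(const std::string &from_url, const std::string &location) {
    auto from = parse_url(from_url);
    if (!from) return false;
    auto next = resolve_location(from->first, location);
    return next && next->first == from->first;
}

struct Response { int status; Headers headers; };
struct FakeServer {
    std::map<std::string, Response> replies;            // keyed by request path
    std::vector<std::pair<std::string, Headers>> seen;  // every (path, headers) received
};
using Network = std::map<std::string, FakeServer>;      // keyed by "scheme://host:port"

// GET with automatic redirect following. Returns the final status, or -1 for a
// malformed URL, unknown host, unresolvable Location, or too many hops.
int do_get(Network &net, const std::string &url, Headers headers, bool strip_cross_origin, int max_redirects = 5) {
    auto parsed = parse_url(url);
    if (!parsed) return -1;
    Origin cur = parsed->first;
    std::string path = parsed->second;
    for (int hop = 0; hop <= max_redirects; ++hop) {
        auto srv = net.find(cur.scheme + "://" + cur.host + ":" + std::to_string(cur.port));
        if (srv == net.end()) return -1;
        srv->second.seen.emplace_back(path, headers);
        auto r = srv->second.replies.find(path);
        Response res = (r == srv->second.replies.end()) ? Response{404, {}} : r->second;
        bool is_redirect = res.status == 301 || res.status == 302 || res.status == 307 || res.status == 308;
        auto loc = res.headers.find("Location");
        if (!is_redirect || loc == res.headers.end()) return res.status;
        auto next = resolve_location(cur, loc->second);
        if (!next) return -1;
        // The fix: credentials belong to the origin they were configured for, so a hop
        // to any other scheme/host/port must not carry them.
        if (strip_cross_origin && !(next->first == cur)) headers.erase("Authorization");
        cur = next->first;
        path = next->second;
    }
    return -1;
}

// The brief's attack chain with constructed hosts: the compromised API server answers
// 302 to the attacker's host. Returns true if that host ever saw an Authorization header.
bool attacker_receives_credentials(bool strip_cross_origin) {
    Network net;
    net["https://api.example.com:443"].replies["/v1/data"] = {302, {{"Location", "https://attacker.example/collect"}}};
    net["https://attacker.example:443"].replies["/collect"] = {200, {}};
    Headers h = {{"Authorization", "Basic dXNlcjpwYXNz"}};  // "user:pass", constructed
    do_get(net, "https://api.example.com/v1/data", h, strip_cross_origin);
    for (const auto &req : net["https://attacker.example:443"].seen)
        if (req.second.count("Authorization")) return true;
    return false;
}
```

The origin check compares scheme, host and port together, so a hop from `https://api.example.com` to `http://api.example.com` or to port 8443 also drops the header; that is deliberately stricter than host-only matching, because a downgrade to plaintext HTTP would expose the credential on the wire even when the host is unchanged.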
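The monitoring recommendation above, as an added example that is not from the brief or from any vendor tool: detection logic for the request in step 4 of the attack chain, run over constructed egress-proxy log lines. The `ts=... client=... dst=... auth=yes|no` key=value format, the allowlist, and the sample hosts and addresses are all assumptions made for this example; a real deployment would map its own proxy log fields onto `LogEvent`.

```cpp
// Added example, not from the brief or any vendor tool: detection logic for the
// request in step 4 of the attack chain, run over constructed egress-proxy log
// lines in a key=value format chosen for this example. A request carrying an
// Authorization header to a host outside the allowlist is flagged; if the same
// client reached an allowlisted host within the window just before, the finding
// is marked as a likely redirect leak rather than a stray misconfiguration.
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>

struct LogEvent { long ts = 0; std::string client, dst_host; bool has_auth = false; };
struct Finding { std::string client, dst_host; bool likely_redirect_leak; };

// Parse "ts=<unix seconds> client=<ip> dst=<host>[:port] auth=<yes|no>".
// Returns false (and the caller skips the line) when ts or dst is missing or malformed.
static bool parse_line(const std::string &line, LogEvent &ev) {
    std::istringstream in(line);
    std::string tok;
    bool seen_ts = false, seen_dst = false;
    ev = LogEvent{};
    while (in >> tok) {
        auto eq = tok.find('=');
        if (eq == std::string::npos) continue;
        std::string k = tok.substr(0, eq), v = tok.substr(eq + 1);
        if (k == "ts") {
            try { ev.ts = std::stol(v); seen_ts = true; } catch (...) { return false; }
        } else if (k == "client") {
            ev.client = v;
        } else if (k == "dst") {
            ev.dst_host = v.substr(0, v.find(':'));  // drop the port
            seen_dst = !ev.dst_host.empty();
        } else if (k == "auth") {
            ev.has_auth = (v == "yes");
        }
    }
    return seen_ts && seen_dst;
}

// allowed_hosts: destinations that may legitimately receive this fleet's credentials.
std::vector<Finding> detect_credential_egress(const std::vector<std::string> &lines,
                                              const std::set<std::string> &allowed_hosts,
                                              long window_seconds = 10) {
    std::vector<Finding> out;
    std::map<std::string, long> last_allowed_contact;  // client -> ts of last allowlisted request
    for (const auto &line : lines) {
        LogEvent ev;
        if (!parse_line(line, ev)) continue;           // malformed: skip rather than alert
        if (allowed_hosts.count(ev.dst_host)) { last_allowed_contact[ev.client] = ev.ts; continue; }
        if (!ev.has_auth) continue;                    // unauthenticated egress is out of scope here
        auto it = last_allowed_contact.find(ev.client);
        bool chained = it != last_allowed_contact.end() && ev.ts >= it->second &&
                       ev.ts - it->second <= window_seconds;
        out.push_back({ev.client, ev.dst_host, chained});
    }
    return out;
}

// Constructed sample: 10.0.0.5 reaches the legitimate API and one second later sends
// Authorization to an unknown host (a redirect follow-up); 10.0.0.9 sends a credential
// to an unknown host with no prior API contact; 10.0.0.7 is benign.
const std::vector<std::string> SAMPLE_LOG = {
    "ts=1774573000 client=10.0.0.5 dst=api.example.com:443 auth=yes",
    "ts=1774573001 client=10.0.0.5 dst=attacker.example:443 auth=yes",
    "ts=1774573002 client=10.0.0.7 dst=cdn.example.net:443 auth=no",
    "ts=1774573100 client=10.0.0.9 dst=unknown.example:443 auth=yes",
    "not a log line",
};
const std::set<std::string> ALLOWED_HOSTS = {"api.example.com", "cdn.example.net"};

std::vector<Finding> run_sample() { return detect_credential_egress(SAMPLE_LOG, ALLOWED_HOSTS); }
```

Both findings deserve attention, but the chained one is the signature of this CVE: a credential sent to an unknown host immediately after contact with a known service is what a followed redirect looks like from the proxy's side. The window should be tuned to the fleet's typical request latency; a few seconds is enough for an automatic redirect follow, which happens without user interaction.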