CVE-2026-33745
Authorization Header Exposure via Redirects in cpp-httplib HTTP Client
Publication date: 2026-03-27
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| yhirose | cpp-httplib | < 0.39.0 (0.39.0 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33745 is a high-severity vulnerability in the cpp-httplib C++ HTTP client library (versions up to 0.38.0) where the client improperly forwards stored authentication credentials (Basic Auth, Bearer Token, Digest Auth) to arbitrary hosts when following cross-origin HTTP redirects (status codes 301, 302, 307, 308).
The root cause is that although the Authorization header is initially stripped when a redirect to a different origin is detected, the stored credentials are then re-attached to the new client targeting the redirected host. This causes the Authorization header to be re-injected and sent in plaintext to potentially attacker-controlled hosts.
Additionally, there is no protection against HTTPS-to-HTTP downgrade redirects, which can expose credentials originally sent over TLS in cleartext.
How can this vulnerability impact me?
This vulnerability can lead to the exposure of sensitive authentication credentials to attackers. If an application using cpp-httplib follows redirects to attacker-controlled hosts, the attacker can capture plaintext credentials such as Basic Auth, Bearer Tokens (including JWTs and API keys), and Digest Auth credentials.
Attackers can exploit this by causing the client to follow malicious redirects, including through compromised servers, open redirect vulnerabilities, or man-in-the-middle attacks injecting redirects.
The lack of HTTPS-to-HTTP downgrade protection further increases risk by allowing credentials to be transmitted unencrypted.
Overall, this can result in credential theft, unauthorized access, and potential compromise of systems relying on these credentials.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP client traffic for Authorization headers being sent to unexpected or untrusted hosts following HTTP redirects (status codes 301, 302, 307, 308). Specifically, look for cases where Basic Auth, Bearer Token, or Digest Auth credentials are forwarded to a different origin than the original request.
Network detection can involve capturing and analyzing HTTP requests to identify Authorization headers sent after redirects to different hosts or schemes (e.g., HTTPS to HTTP).
Suggested commands include using network traffic analysis tools such as tcpdump or Wireshark to capture HTTP traffic and filter for Authorization headers and redirect status codes.
- `tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep -i 'Authorization:'` (only cleartext HTTP on port 80 is readable this way; port 443 payloads are TLS-encrypted, so a credential that shows up here is precisely the HTTPS-to-HTTP downgrade case)
- In Wireshark, list requests that carry credentials with the display filter `http.request && http.authorization`, and the redirect responses that preceded them with `http.response.code in {301 302 307 308}`; a request and a response are separate packets, so the two conditions are checked as separate filters and correlated by TCP stream.
Additionally, reviewing application logs or enabling verbose/debug logging in cpp-httplib clients to track redirect events and outgoing Authorization headers can help detect the vulnerability in use.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade cpp-httplib to version 0.39.0 or later, where the vulnerability is fixed by preventing authentication credentials from being copied to redirect clients targeting different origins.
If upgrading is not immediately possible, disable automatic following of redirects in the cpp-httplib client by calling `set_follow_location(false)`, so the client never follows cross-origin redirects that leak credentials; the application then receives the 3xx response and can decide itself whether to follow it, and with which headers.
Avoid using authentication methods (Basic Auth, Bearer Token, Digest Auth) in combination with automatic redirect following until the fix is applied.
Additionally, monitor and block HTTPS-to-HTTP downgrade redirects, as these can expose credentials in plaintext.
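As an added example (not code from cpp-httplib or from its fix), the origin check a client that disables automatic redirects with `set_follow_location(false)` and follows them itself should apply before re-attaching stored credentials: same origin keeps the Authorization header, a different origin is followed only without it, and an HTTPS-to-HTTP downgrade is refused. It assumes absolute or path/scheme-relative Location values and an http(s) original URL.

```cpp
#include <cctype>
#include <optional>
#include <string>
// Added example, not cpp-httplib code: credential policy for a client that follows
// redirects itself and must decide whether stored credentials may go to Location.
struct Origin {
    std::string scheme;  // lower-cased "http" or "https"
    std::string host;    // lower-cased host name or IP literal
    int port;            // explicit port, or the scheme default (80/443)
};
static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}
// Parse the origin of an absolute http(s) URL; nullopt for anything else.
std::optional<Origin> parse_origin(const std::string& url) {
    auto sep = url.find("://");
    if (sep == std::string::npos) return std::nullopt;
    Origin o;
    o.scheme = lower(url.substr(0, sep));
    if (o.scheme != "http" && o.scheme != "https") return std::nullopt;
    auto end = url.find_first_of("/?#", sep + 3);
    std::string auth = url.substr(sep + 3, end == std::string::npos ? std::string::npos : end - sep - 3);
    auto at = auth.rfind('@');  // userinfo ("user@host") is never part of the host
    if (at != std::string::npos) auth = auth.substr(at + 1);
    o.port = (o.scheme == "https") ? 443 : 80;
    auto colon = auth.rfind(':');
    if (colon != std::string::npos && auth.find(']', colon) == std::string::npos) {  // not inside [IPv6]
        std::string p = auth.substr(colon + 1);
        if (p.empty() || p.size() > 5 || p.find_first_not_of("0123456789") != std::string::npos) return std::nullopt;
        o.port = std::stoi(p);
        if (o.port > 65535) return std::nullopt;
        auth = auth.substr(0, colon);
    }
    if (auth.empty()) return std::nullopt;
    o.host = lower(auth);
    return o;
}
enum class RedirectAction { FollowWithCredentials, FollowWithoutCredentials, Refuse };
// Same origin keeps credentials; another origin is followed with Authorization dropped;
// an https->http downgrade, or an unparseable/non-http(s) target, is refused outright.
RedirectAction redirect_policy(const std::string& origin_url, const std::string& location) {
    auto from = parse_origin(origin_url);
    if (!from) return RedirectAction::Refuse;
    bool scheme_rel = location.rfind("//", 0) == 0;  // "//host/path" inherits the scheme
    if (!scheme_rel && !location.empty() && location[0] == '/') return RedirectAction::FollowWithCredentials;
    auto to = scheme_rel ? parse_origin(from->scheme + ":" + location) : parse_origin(location);
    if (!to) return RedirectAction::Refuse;
    if (from->scheme == "https" && to->scheme == "http") return RedirectAction::Refuse;
    bool same = from->scheme == to->scheme && from->host == to->host && from->port == to->port;
    return same ? RedirectAction::FollowWithCredentials : RedirectAction::FollowWithoutCredentials;
}
```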
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability causes leakage of authentication credentials in plaintext to attacker-controlled hosts during cross-origin HTTP redirects. Such exposure of sensitive authentication data can lead to unauthorized access and data breaches.
Because the vulnerability results in exposure of sensitive information (credentials) to unauthorized actors, it can negatively impact compliance with common standards and regulations such as GDPR and HIPAA, which require protection of sensitive data and proper access controls.
Specifically, the leakage of credentials violates principles of confidentiality and data protection mandated by these regulations, potentially leading to regulatory penalties and loss of trust.