QSearchQSearch

CVE-2026-6338

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series

Published: 2026-06-11 · Last updated: 2026-06-11

Severity and scoring

CWE
CWE-444

Description

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-50020 Netty is a network application framework for development of protocol servers and clients (5.3 MEDIUM)
  • CVE-2026-46342 Nuxt is an open-source web development framework for Vue.js
  • CVE-2026-41853 Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks (5.3 MEDIUM)
  • CVE-2026-44546 daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake proces... (3.7 LOW)
  • CVE-2026-50052 In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend r...