CVE-2026-40560 – Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence

CVE ID :CVE-2026-40560

Published : April 29, 2026, 12:16 a.m. | 2 hours, 1 minute ago

Description :Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.

Starman incorrectly prioritizes „Content-Length“ over „Transfer-Encoding: chunked“ when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.

An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…