A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python. Rated CVSS 9.1, the flaw could enable request smuggling attacks in applications where h11 is paired with a misconfigured or buggy HTTP proxy. “A leniency in h11’s parsing of line terminators in chunked-coding message bodies … Continue reading CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library