CVE-2026-6338

Published: Giu 11, 2026 Last Modified: Giu 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,9

Source: 02762ae7-200e-4b20-9b2b-a77d5b8fc4cb

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0005

Percentile

0,2th

Updated

EPSS Score Trend (Last 3 Days)

444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Non-Repudiation Access Control

Potential Impacts:

Unexpected State Hide Activities Bypass Protection Mechanism

Applicable Platforms

Technologies: Web Based, Web Server

View CWE Details

https://support.konghq.com/support/s/article/CVE-2026-6338

CVE-2026-6338

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 3 Days)

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter