Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 23.5%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2026-12549


Contact Us

Shodan ® - All rights reserved