Vulnerability Details CVE-2026-40560
Starman versions before 0.4018 for Perl allow HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
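The precedence rule described above, as an added example (not Starman's code and not part of the original advisory): a Python check that resolves body framing per RFC 7230 section 3.3.3 and flags ambiguous requests, next to the Content-Length-first precedence the advisory describes. The function names, the sample request head and the host name are constructed for illustration.

```python
import re

# Constructed sample: a request head carrying both framing headers.
SAMPLE = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n")

def parse_headers(raw: bytes):
    """Split a raw request head into (lowercased name, value) pairs."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        pairs.append((name.decode("latin-1").lower(),
                      value.decode("latin-1").strip()))
    return pairs

def body_framing(raw: bytes):
    """Return (framing, length, verdict) following RFC 7230 section 3.3.3."""
    headers = parse_headers(raw)
    te = [c.strip().lower() for n, v in headers if n == "transfer-encoding"
          for c in v.split(",") if c.strip()]
    cl = {c.strip() for n, v in headers if n == "content-length"
          for c in v.split(",")}
    if te:
        if te[-1] != "chunked":
            return ("invalid", None, "reject: chunked is not the final coding")
        if cl:
            # Transfer-Encoding overrides Content-Length; the RFC says such a
            # message ought to be handled as an error, and Content-Length
            # must be removed before the message is forwarded.
            return ("chunked", None, "reject, or strip Content-Length")
        return ("chunked", None, "ok")
    if cl:
        if len(cl) != 1 or not re.fullmatch(r"[0-9]+", next(iter(cl))):
            return ("invalid", None, "reject: conflicting or malformed Content-Length")
        return ("content-length", int(next(iter(cl))), "ok")
    return ("none", 0, "ok")

def content_length_first(raw: bytes):
    """The incorrect precedence the advisory describes, for comparison only."""
    headers = dict(parse_headers(raw))
    if "content-length" in headers:
        return ("content-length", int(headers["content-length"]))
    if "chunked" in headers.get("transfer-encoding", "").lower():
        return ("chunked", None)
    return ("none", 0)

if __name__ == "__main__":
    print("RFC 7230 framing:     ", body_framing(SAMPLE))
    print("Content-Length first: ", content_length_first(SAMPLE))
```

When the two functions disagree on the same request head, a proxy and a back end applying them would disagree on where the request body ends; rejecting such requests at the front end removes the ambiguity.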
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.8%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2026-40560
- cpe:2.3:a:miyagawa:starman:0.1000
- cpe:2.3:a:miyagawa:starman:0.1001
- cpe:2.3:a:miyagawa:starman:0.1002
- cpe:2.3:a:miyagawa:starman:0.1003
- cpe:2.3:a:miyagawa:starman:0.1004
- cpe:2.3:a:miyagawa:starman:0.1005
- cpe:2.3:a:miyagawa:starman:0.1006
- cpe:2.3:a:miyagawa:starman:0.1007
- cpe:2.3:a:miyagawa:starman:0.2000
- cpe:2.3:a:miyagawa:starman:0.2001
- cpe:2.3:a:miyagawa:starman:0.2002
- cpe:2.3:a:miyagawa:starman:0.2003
- cpe:2.3:a:miyagawa:starman:0.2004
- cpe:2.3:a:miyagawa:starman:0.2005
- cpe:2.3:a:miyagawa:starman:0.2006
- cpe:2.3:a:miyagawa:starman:0.2007
- cpe:2.3:a:miyagawa:starman:0.2008
- cpe:2.3:a:miyagawa:starman:0.2009
- cpe:2.3:a:miyagawa:starman:0.2010
- cpe:2.3:a:miyagawa:starman:0.2011
- cpe:2.3:a:miyagawa:starman:0.2012
- cpe:2.3:a:miyagawa:starman:0.2013
- cpe:2.3:a:miyagawa:starman:0.2014
- cpe:2.3:a:miyagawa:starman:0.29_90
- cpe:2.3:a:miyagawa:starman:0.3000
- cpe:2.3:a:miyagawa:starman:0.3001
- cpe:2.3:a:miyagawa:starman:0.3002
- cpe:2.3:a:miyagawa:starman:0.3003
- cpe:2.3:a:miyagawa:starman:0.3004
- cpe:2.3:a:miyagawa:starman:0.3005
- cpe:2.3:a:miyagawa:starman:0.3006
- cpe:2.3:a:miyagawa:starman:0.3007
- cpe:2.3:a:miyagawa:starman:0.3008
- cpe:2.3:a:miyagawa:starman:0.3009
- cpe:2.3:a:miyagawa:starman:0.3010
- cpe:2.3:a:miyagawa:starman:0.3011
- cpe:2.3:a:miyagawa:starman:0.3012
- cpe:2.3:a:miyagawa:starman:0.3013
- cpe:2.3:a:miyagawa:starman:0.3014
- cpe:2.3:a:miyagawa:starman:0.4000
- cpe:2.3:a:miyagawa:starman:0.4001
- cpe:2.3:a:miyagawa:starman:0.4002
- cpe:2.3:a:miyagawa:starman:0.4003
- cpe:2.3:a:miyagawa:starman:0.4004
- cpe:2.3:a:miyagawa:starman:0.4005
- cpe:2.3:a:miyagawa:starman:0.4006
- cpe:2.3:a:miyagawa:starman:0.4007
- cpe:2.3:a:miyagawa:starman:0.4008
- cpe:2.3:a:miyagawa:starman:0.4009
- cpe:2.3:a:miyagawa:starman:0.4010
- cpe:2.3:a:miyagawa:starman:0.4011
- cpe:2.3:a:miyagawa:starman:0.4012
- cpe:2.3:a:miyagawa:starman:0.4013
- cpe:2.3:a:miyagawa:starman:0.4014
- cpe:2.3:a:miyagawa:starman:0.4015
- cpe:2.3:a:miyagawa:starman:0.4016
- cpe:2.3:a:miyagawa:starman:0.4017