Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-40561

Starlet versions through 0.31 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Starlet incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.3%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-40561
  • Kazuho » Starlet » Version: 0.02
    cpe:2.3:a:kazuho:starlet:0.02
  • Kazuho » Starlet » Version: 0.03
    cpe:2.3:a:kazuho:starlet:0.03
  • Kazuho » Starlet » Version: 0.04
    cpe:2.3:a:kazuho:starlet:0.04
  • Kazuho » Starlet » Version: 0.05
    cpe:2.3:a:kazuho:starlet:0.05
  • Kazuho » Starlet » Version: 0.06
    cpe:2.3:a:kazuho:starlet:0.06
  • Kazuho » Starlet » Version: 0.07
    cpe:2.3:a:kazuho:starlet:0.07
  • Kazuho » Starlet » Version: 0.08
    cpe:2.3:a:kazuho:starlet:0.08
  • Kazuho » Starlet » Version: 0.09
    cpe:2.3:a:kazuho:starlet:0.09
  • Kazuho » Starlet » Version: 0.10
    cpe:2.3:a:kazuho:starlet:0.10
  • Kazuho » Starlet » Version: 0.11
    cpe:2.3:a:kazuho:starlet:0.11
  • Kazuho » Starlet » Version: 0.12
    cpe:2.3:a:kazuho:starlet:0.12
  • Kazuho » Starlet » Version: 0.13
    cpe:2.3:a:kazuho:starlet:0.13
  • Kazuho » Starlet » Version: 0.14
    cpe:2.3:a:kazuho:starlet:0.14
  • Kazuho » Starlet » Version: 0.15
    cpe:2.3:a:kazuho:starlet:0.15
  • Kazuho » Starlet » Version: 0.16
    cpe:2.3:a:kazuho:starlet:0.16
  • Kazuho » Starlet » Version: 0.17
    cpe:2.3:a:kazuho:starlet:0.17
  • Kazuho » Starlet » Version: 0.18
    cpe:2.3:a:kazuho:starlet:0.18
  • Kazuho » Starlet » Version: 0.19
    cpe:2.3:a:kazuho:starlet:0.19
  • Kazuho » Starlet » Version: 0.20
    cpe:2.3:a:kazuho:starlet:0.20
  • Kazuho » Starlet » Version: 0.21
    cpe:2.3:a:kazuho:starlet:0.21
  • Kazuho » Starlet » Version: 0.22
    cpe:2.3:a:kazuho:starlet:0.22
  • Kazuho » Starlet » Version: 0.23
    cpe:2.3:a:kazuho:starlet:0.23
  • Kazuho » Starlet » Version: 0.24
    cpe:2.3:a:kazuho:starlet:0.24
  • Kazuho » Starlet » Version: 0.25
    cpe:2.3:a:kazuho:starlet:0.25
  • Kazuho » Starlet » Version: 0.26
    cpe:2.3:a:kazuho:starlet:0.26
  • Kazuho » Starlet » Version: 0.28
    cpe:2.3:a:kazuho:starlet:0.28
  • Kazuho » Starlet » Version: 0.29
    cpe:2.3:a:kazuho:starlet:0.29
  • Kazuho » Starlet » Version: 0.30
    cpe:2.3:a:kazuho:starlet:0.30
  • Kazuho » Starlet » Version: 0.31
    cpe:2.3:a:kazuho:starlet:0.31


Products
Pricing
Contact Us

Shodan ® - All rights reserved