HIGH
Kazeburo
CVE published 2026-05-06
CVE-2026-40562
CVE-2026-40562 is a high-severity HTTP request smuggling issue in Gazelle for Perl, affecting versions through 0.49. The flaw is an incorrect header-precedence decision: when both Content-Length and Transfer-Encoding: chunked are present, Gazelle gives Content-Length priority even though RFC 7230 section 3.3.3 requires Transfer-Encoding to take precedence. In deployments that sit behind a front-end revers [truncated]