CVE-2026-32240 - Vulnerability Details

Description

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.

Published: 2026-03-12

Score: 6.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

Cap'n Proto implements a data interchange and RPC system that parses HTTP chunked transfer encoding. An integer overflow occurs when the parsed chunk size equals or exceeds 2^64; the value is truncated to a 64‑bit integer. This flaw can be leveraged for HTTP request or response smuggling, a technique that allows an attacker to deliver data that is interpreted differently by a server and a downstream proxy. The weakness is classified as an integer overflow (CWE‑190) and unsafe conversion (CWE‑197). The potential impact includes denial of service, bypassing of security controls, or information disclosure if the smuggled payload reaches a privileged component.

Affected Systems

All deployments of Cap'n Proto that use the Transfer‑Encoding: chunked mechanism and run a version older than 1.4.0 are affected. The product identifier is capnproto:capnproto. Specific sub‑versions are not enumerated, but any build released before the 1.4.0 update is vulnerable.

Risk and Exploitability

The CVSS base score is 6.3, indicating a medium severity. The EPSS score is below 1%, suggesting a low likelihood of real‑world exploitation, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote via crafted HTTP traffic that forces the Cap'n Proto library to parse an oversized chunked size. The vulnerability is exploitable when the library processes an HTTP request or response, which typically occurs in a remote context. No additional conditions or privileges are required beyond sending the malformed request.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

capnproto

affected

Version	Status	Constraints
`< 1.4.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:capnproto:capnproto:*:*:*:*:*:*:*:*

No data.

Vendor Product Confidence Versions

Capnproto

100%

Version	Status	Scheme	Platform
`[0,1.4.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Cap'n Proto to version 1.4.0 or later
If an upgrade cannot be performed immediately, disable or remove use of Transfer-Encoding: chunked for any paths that use Cap'n Proto
Verify that the upgrade or configuration change has been applied and that the system is no longer vulnerable

Generated by OpenCVE AI on March 18, 2026 at 19:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00077.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://capnproto.org/capnproto-c++-1.4.0.tar.gz
https://capnproto.org/capnproto-c++-win32-1.4.0.zip
https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36
https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0
https://github.com/capnproto/capnproto/security/advisories/GHSA-vpcq-mx5v-32wm
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
https://www.cve.org/CVERecord?id=CVE-2026-32240

History

Wed, 18 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:capnproto:capnproto::::::::
Metrics	cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

Sat, 14 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-190
References		https://nvd.nist.gov/vuln/detail/CVE-2026-32240 https://www.cve.org/CVERecord?id=CVE-2026-32240
Metrics	threat_severity `None`	cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}` threat_severity `Moderate`

Fri, 13 Mar 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 13 Mar 2026 10:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Capnproto Capnproto capnproto
Vendors & Products		Capnproto Capnproto capnproto

Thu, 12 Mar 2026 20:00:00 +0000

Type	Values Removed	Values Added
Description		Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.
Title		Cap'n Proto: Integer overflow in KJ-HTTP chunk size
Weaknesses		CWE-197 CWE-444
References		https://capnproto.org/capnproto-c++-1.4.0.tar.gz https://capnproto.org/capnproto-c++-win32-1.4.0.zip https://github.com/capnproto/capnproto/commit/2744b3c012b4aa3c31cefb61ec656829fa5c0e36 https://github.com/capnproto/capnproto/commit/e929f0ba7901a6b8f4b5ba9a4db00af43288cbb0 https://github.com/capnproto/capnproto/security/advisories/GHSA-vpcq-mx5v-32wm
Metrics		cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}`

Subscriptions

Capnproto Capnproto

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-12T19:35:57.374Z

Updated: 2026-03-13T16:14:32.323Z

Reserved: 2026-03-11T14:47:05.684Z

Link: CVE-2026-32240

Vulnrichment

Updated: 2026-03-13T16:14:28.903Z

NVD

Status : Analyzed

Published: 2026-03-12T20:16:05.190

Modified: 2026-03-18T17:01:14.163

Link: CVE-2026-32240

Redhat

Severity : Moderate

Publid Date: 2026-03-12T19:35:57Z

Links: CVE-2026-32240 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-23T09:54:52Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object