Description
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C.

This issue affects liteide: before x38.4.
Published: 2026-03-24
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: HTTP Request Smuggling
Action: Assess Impact
AI Analysis

Impact

The vulnerability stems from inconsistent interpretation of HTTP requests in the liteide HTTP parser module, allowing an attacker to smuggle a second request into a single HTTP stream. This behavior can be exploited to bypass security checks, execute unintended commands, or redirect traffic, potentially compromising application data and integrity. The weakness falls under CWE-444, which describes ways attackers can manipulate HTTP headers to alter request handling.

Affected Systems

All installations of visualfc liteide prior to version x38.4 are affected. The flaw resides in the http_parser component of the liteide source tree and can be triggered when the application receives HTTP traffic from an external client.

Risk and Exploitability

The CVSS score of 2.9 indicates low overall severity, and there is no EPSS score provided; the vulnerability is not currently listed in CISA’s KEV catalog. The likely attack vector is inferred from the description to involve carefully constructed HTTP requests sent to the liteide server, which would require network-level access to the target. While the potential impact is moderate—primarily affecting request integrity and potentially bypassing application controls—the low score suggests that widespread exploitation is currently unlikely, though caution remains warranted.

Generated by OpenCVE AI on March 24, 2026 at 04:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify whether the running instance of liteide is older than x38.4.
  • If an upgrade path is available, apply the latest stable release (x38.4 or later) that contains the fixed http_parser module.
  • If upgrading is not immediately possible, mitigate the issue by restricting direct HTTP access to the liteide instance, for example by placing a reverse proxy or firewall that normalizes HTTP requests before they reach the application.
  • Monitor application logs for anomalous request patterns that could indicate smuggling attempts.
  • Check the vendor’s repository or issue tracker for additional patches or advisories, and stay updated on any future security releases.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 15:15:00 +0000

Values added (none removed):

  • Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Mar 2026 10:45:00 +0000

Values added (none removed):

  • First Time appeared: Visualfc; Visualfc liteide
  • Vendors & Products: Visualfc; Visualfc liteide

Tue, 24 Mar 2026 03:30:00 +0000

Values added (none removed):

  • Description: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4.
  • Title: HTTP Request Smuggling in visualfc/liteide
  • Weaknesses: CWE-444
  • References:
  • Metrics: cvssV4_0 {'score': 2.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:N/E:P/S:N/AU:N/R:U/V:D/RE:L/U:Green'}


MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-03-24T14:33:37.688Z

Reserved: 2026-03-24T03:23:33.566Z

Link: CVE-2026-4742

Vulnrichment

Updated: 2026-03-24T14:33:34.761Z

NVD

Status: Awaiting Analysis

Published: 2026-03-24T04:17:30.380

Modified: 2026-03-24T15:53:48.067

Link: CVE-2026-4742

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:40:17Z

Weaknesses