Security Advisory

CVE-2025-41082

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-26 09:24:20

Last updated 2026-01-26 13:55:47

Assigner INCIBE

State PUBLISHED

Description

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

← Browse all CVEs View on cve.org ↗