Security Advisory

CVE-2026-26365

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-23 00:00:00
Last updated 2026-02-23 20:58:59
Assigner mitre
State PUBLISHED

Description

Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could result in a forward request with invalid message framing, depending on the Akamai processing path. This could result in the origin server parsing the request body incorrectly, leading to HTTP request smuggling.