CVE-2025-41082 MEDIUM

CVE-2025-41082: HTTP Request/Response Smuggling in Altitude Communication Server

Vendor Altitude
Product Altitude Communication Server
Weakness CWE-444
Published January 26, 2026
Last update January 26, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which could allow request hiding, cache poisoning or security bypass.

Key dates

02Disclosure timeline

January 26, 2026 CVE published
January 26, 2026 Record updated