CVE-2026-4742 | visualfc liteide up to x38.3 HTTP Request http_parser.C request smuggling

VDB-352679 · CVE-2026-4742 · GCVE-0-2026-4742 VISUALFC LITEIDE UP TO X38.3 HTTP REQUEST HTTP_PARSER.C REQUEST SMUGGLING HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.4 $0-$5k 1.72+ Summaryinfo A vulnerability was found in visualfc liteide up to x38.3. It has been classified as problematic. This affects an unknown function of the file http_parser.C of the component HTTP Request Handler. The manipulation leads to request smuggling. This vulnerability is traded as CVE-2026-4742. It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is recommended. Detailsinfo A vulnerability was found in visualfc liteide up to x38.3 and classified as problematic. This issue affects an unknown code block of the file http_parser.C of the component HTTP Request Handler. The manipulation with an unknown input leads to a request smuggling vulnerability. Using CWE to declare the problem leads to CWE-444. The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination. Impacted is confidentiality, integrity, and availability. The summary by CVE is: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in visualfc liteide (liteidex/src/3rdparty/qjsonrpc/src/http-parser modules). This vulnerability is associated with program files http_parser.C. This issue affects liteide: before x38.4. It is possible to read the advisory at github.com. The identification of this vulnerability is CVE-2026-4742 since 03/24/2026. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. Upgrading to version x38.4 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. Productinfo Vendor visualfc Name liteide Version x38.0 x38.1 x38.2 x38.3 Website Product: https://github.com/visualfc/liteide/ CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA CVSS-B Score: 🔒 CNA CVSS-BT Score: 🔒 CNA Vector: 🔒 CVSSv3info VulDB Meta Base Score: 5.6 VulDB Meta Temp Score: 5.4 VulDB Base Score: 5.6 VulDB Temp Score: 5.4 VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Request smuggling CWE: CWE-444 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: liteide x38.4 Patch: github.com Timelineinfo 03/24/2026 Advisory disclosed 03/24/2026 +0 days CVE reserved 03/24/2026 +0 days VulDB entry created 03/24/2026 +0 days VulDB entry last update Sourcesinfo Product: github.com Advisory: github.com Status: Confirmed CVE: CVE-2026-4742 (🔒) GCVE (CVE): GCVE-0-2026-4742 GCVE (VulDB): GCVE-100-352679 Entryinfo Created: 03/24/2026 07:28 Changes: 03/24/2026 07:28 (74) Complete: 🔍 Cache ID: 99:8B2:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸