cvedb.io
CVE-2026-12549
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2026-06-22T16:16:34.090 · Last modified 2026-06-23T15:16:33.000

Summary

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading to malformed HTTP 206 responses and log flooding.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.