Every CVE whose affected-product data names Cloudflare Pingora, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-2833 — CVSS 9.1 (critical): An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a…
CVE-2026-2835 — CVSS 9.1 (critical): An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue…
CVE-2026-2836 — CVSS 8.1 (high): A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs…
CVE-2025-4366 — CVSS 6.1 (medium): A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be…