Tinyproxy Project Tinyproxy — known CVE vulnerabilities
Every CVE whose affected-product data names Tinyproxy Project Tinyproxy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2023-49606 — CVSS 9.8 (critical): A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy 1.11.1 and Tinyproxy 1.10.0. A specially crafted…
CVE-2022-40468 — CVSS 7.5 (high): Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit…
CVE-2026-31842 — CVSS 7.5 (high): Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the…
CVE-2025-63938 — CVSS 6.5 (medium): Tinyproxy through 1.11.2 contains an integer overflow vulnerability in the strip_return_port() function within src/reqs.c.
CVE-2017-11747 — CVSS 5.5 (medium): main.c in Tinyproxy 1.8.4 and earlier creates a /run/tinyproxy/tinyproxy.pid file after dropping privileges to a non-root account, which…