Cloudflare patches Pingora OSS to block request‑smuggling attacks in real time
Three CVEs (CVE‑2026‑2833, ‑2835, ‑2836) were disclosed in Cloudflare’s Pingora OSS, prompting a real‑time patch in version 0.8.0, the company says in its March 9 blog post.
Key Facts
- Key company: Cloudflare
Cloudflare’s engineers say the three vulnerabilities stem from non‑RFC‑compliant handling of HTTP/1.x request bodies inside Pingora’s proxy stack, which could let an attacker desynchronize the proxy and its backend. In the proof‑of‑concept supplied by the reporter, a malformed Upgrade header caused Pingora to forward the initial request and then immediately pass any trailing bytes to the backend before the expected 101 Switching Protocols response arrived. The leftover bytes formed a second, smuggled request that bypassed the proxy’s security checks (Cloudflare blog, 2026‑03‑09). A similar flaw allowed premature body termination: Pingora would accept a Content‑Length that was shorter than the actual payload, truncating the request at the proxy while the backend continued reading, again opening a window for a hidden request to slip through.
The bug bounty researcher who disclosed the issues, Rajat Raghav (xclow3n), identified three distinct CVEs—CVE‑2026‑2833, CVE‑2026‑2835, and CVE‑2026‑2836—each covering a variant of the request‑smuggling attack vector. According to the blog post, the vulnerabilities could be exploited in standalone Pingora deployments that serve as ingress proxies for shared backends. In such configurations, an attacker could bypass Pingora’s proxy‑layer security controls, desynchronize HTTP request/response streams to hijack sessions or steal credentials, or poison Pingora’s cache layer to serve malicious content to other users.
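As an added illustration (not Pingora's code and not the 0.8.0 patch itself), the following Python framer applies the strict HTTP/1.1 boundary rules a proxy needs against the two variants described above: bytes that follow a well-formed Upgrade request are held back until the 101 arrives rather than forwarded, a bare Upgrade header without `Connection: upgrade` is rejected as malformed, and a Content-Length body is cut at exactly the declared length with any trailing bytes re-parsed as a new request instead of passed through raw. The rejection policy (including treating Transfer-Encoding as unsupported here) is this example's own assumption.

```python
import re

class FramingError(Exception):
    """Raised when a request's framing is ambiguous or non-compliant."""

def parse_head(head: bytes) -> dict:
    """Split a request head into {lowercased-name: [values]}; reject malformed lines."""
    headers = {}
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise FramingError("malformed header line")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def is_upgrade(hdrs: dict) -> bool:
    """True for a well-formed Upgrade request. Policy assumed here: an Upgrade
    header that is not announced via 'Connection: upgrade' is malformed."""
    if b"upgrade" not in hdrs:
        return False
    tokens = {t.strip().lower() for v in hdrs.get(b"connection", []) for t in v.split(b",")}
    if b"upgrade" not in tokens:
        raise FramingError("Upgrade header without Connection: upgrade")
    return True

def frame_requests(buf: bytes):
    """Return (requests, held, remaining): framed (head, body) pairs, bytes that
    follow an Upgrade request and must be held until the 101 arrives, and an
    incomplete tail that still needs more data. Bytes after a Content-Length
    body are re-framed as a new request, never forwarded as a raw tail."""
    requests, held = [], b""
    while buf:
        end = buf.find(b"\r\n\r\n")
        if end < 0:
            break                                   # head incomplete: wait
        head, rest = buf[:end], buf[end + 4:]
        hdrs = parse_head(head)
        if b"transfer-encoding" in hdrs:
            if b"content-length" in hdrs:
                raise FramingError("Content-Length together with Transfer-Encoding")
            raise FramingError("Transfer-Encoding not supported by this example")
        cls = hdrs.get(b"content-length", [])
        if len(set(cls)) > 1 or any(not re.fullmatch(rb"[0-9]+", v) for v in cls):
            raise FramingError("conflicting or non-numeric Content-Length")
        length = int(cls[0]) if cls else 0
        if len(rest) < length:
            break                                   # body incomplete: wait
        requests.append((head, rest[:length]))
        buf = rest[length:]
        if is_upgrade(hdrs):
            held, buf = buf, b""                    # quarantine post-Upgrade bytes
    return requests, held, buf

def framing_problem(buf: bytes):
    """None when buf frames cleanly, otherwise the rejection reason."""
    try:
        frame_requests(buf)
        return None
    except FramingError as e:
        return str(e)
```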
Cloudflare stresses that its own CDN and customer traffic were not at risk because Pingora is not used as an ingress proxy within the company’s edge network. The internal architecture isolates Pingora services from direct Internet traffic, and production traffic that does reach Pingora instances is filtered through additional safeguards that prevent the malformed request patterns from being processed (Cloudflare blog, 2026‑03‑09). This mirrors the earlier Pingora smuggling vulnerability disclosed in May 2025, which also proved non‑exploitable on Cloudflare’s own infrastructure due to similar hardening measures.
Version 0.8.0, released on March 9, incorporates a series of hardening patches that tighten HTTP/1 parsing rules, enforce stricter validation of Upgrade and Content‑Length headers, and add defensive checks to reject non‑compliant payloads before they reach the backend. The update also introduces more aggressive cache‑key isolation to mitigate poisoning risks. Cloudflare’s advisory urges operators of the open‑source Pingora framework to upgrade immediately, noting that the patches are “real‑time” and do not require configuration changes to be effective (Cloudflare blog, 2026‑03‑09).
For developers deploying Pingora in production, the advisory highlights two practical steps: first, verify that the upgraded binary is running the 0.8.0 release; second, audit any custom ingress rules that might relax HTTP compliance, as such relaxations could re‑introduce the same attack surface. While Cloudflare’s own services remain insulated, the incident underscores the broader challenge of balancing legacy HTTP support with security hardening in edge‑proxy software.
This article was created using AI technology and reviewed by the SectorHQ editorial team for accuracy and quality.