Akamai Ghost HTTP Request Smuggling Vulnerability via Custom Hop-by-Hop Headers

Vulnerability

A vulnerability in Akamai Ghost on Akamai CDN edge servers prior to 2026-02-06 allows for HTTP request smuggling. This issue arises from the improper handling of custom hop-by-hop HTTP headers. When a request includes the 'Connection: Transfer-Encoding' header, it can lead to a forwarded request with incorrect message framing. Depending on the Akamai processing path, this could cause the origin server to misinterpret the request body, facilitating HTTP request smuggling.

Impact

Exploitation of this vulnerability could lead to HTTP request smuggling, a technique that manipulates the way HTTP requests are processed, potentially causing the server to misinterpret the request body or headers.

Added: Feb 23, 2026, 9:20 AM

Updated: Feb 23, 2026, 9:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

6.4

remediation

0.0

relevance

3.1

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Akamai Ghost HTTP Request Smuggling Vulnerability via Custom Hop-by-Hop Headers

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating