
Critical Pingora Vulnerabilities Expose Cloudflare to Request Smuggling and Cache Poisoning Attacks

Cloudflare has patched multiple Pingora bugs that could let attackers smuggle HTTP requests through edge proxies and poison caches, opening paths to data exposure, cross‑tenant leaks, and malicious content delivery at scale.

Pingora flaws: from parsing bugs to poisoned caches

Pingora is Cloudflare’s Rust‑based proxy framework, used both inside Cloudflare and by external adopters, with optional caching provided via pingora-cache and related crates.

In May 2025, Cloudflare disclosed CVE‑2025‑4366, a high‑severity HTTP/1.1 request smuggling flaw in Pingora’s proxy layer that directly enabled cache poisoning on cache hits.

The bug stemmed from Pingora serving a cached response without fully draining the incoming HTTP/1.1 request body before reusing the connection, leaving attacker‑controlled bytes in the buffer to be mis‑parsed as a separate request.

Pingora will incorrectly interpret both as the same upgraded request.

Security researchers showed that a single crafted request could inject a “smuggled” follow‑up request, allowing an attacker to manipulate headers and URLs seen by the origin and influence what gets cached.

In practical terms, this meant an attacker could cause downstream servers to respond based on a forged Host header or path, then have that response stored and later served to unsuspecting users as if it were legitimate content.

Cloudflare’s own investigation confirmed that some origins would respond to these rewritten Host headers with redirects, turning the bug into a reliable cache‑poisoning and traffic‑redirection primitive.

Since that first disclosure, two additional Pingora issues have pushed the risk profile beyond simple smuggling on cache hits.

CVE‑2026‑2835 describes another HTTP request smuggling bug, this time in Pingora’s handling of HTTP/1.0 bodies and multiple Transfer-Encoding headers, which could desynchronize request framing between Pingora and backend servers.

This enables the same kind of desync attack as described in the premature Upgrade example.

Exploiting this desync lets attackers bypass IP‑based ACLs, hijack sessions by pairing their smuggled request with a victim’s, and again poison caches so users receive attacker‑controlled responses.

Separately, CVE‑2026‑2836 targets Pingora’s default cache key construction, which relied only on the URI path and ignored the Host/authority component.

In multi‑tenant or multi‑origin deployments, this flawed design allows responses from one origin to be cached and then served to another, enabling cross‑tenant data leakage and broad cache poisoning across unrelated sites that share the same path structure.

Attackers can abuse this to push phishing pages, malware payloads, or cross‑origin data into the cache, where it will be transparently delivered to other users.

Cloudflare says its main CDN infrastructure was protected from some of these flaws by stricter ingress behavior, including sanitizing ambiguous message lengths and enforcing sane Transfer-Encoding use, but warns that Pingora open‑source adopters are directly exposed if they enable caching with default settings.

The company disabled affected Pingora components in April 2025, shipped fixes, and invalidated cached assets to neutralize any potential poisoning before re‑enabling traffic.

Mitigations focus on strict HTTP semantics and safer cache design. Pingora 0.5.0 and later introduce mandatory draining of HTTP/1.1 request bodies before a connection is reused, closing the original smuggling vector behind CVE‑2025‑4366.

More recent releases (0.8.0 and above) harden message length parsing per RFC 9112 to resolve CVE‑2026‑2835, ensuring HTTP bodies are never treated as close‑delimited and that conflicting Transfer-Encoding sequences are rejected.
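The strict request-framing policy described above can be sketched as a small decision function. This is an added example modelled on the message-length rules of RFC 9112, not Pingora's own code; the `Framing` and `Reject` types and the `request_framing` function are hypothetical names, and the header sets are constructed samples.

```rust
// Added example: strict request-framing decision modelled on RFC 9112 section 6.
// Not Pingora code; all type and function names here are hypothetical.
#[derive(Debug, PartialEq)]
enum Framing { NoBody, Length(u64), Chunked }
#[derive(Debug, PartialEq)]
enum Reject { TeOnHttp10, TeWithContentLength, ChunkedNotFinal, BadContentLength }

/// `headers` holds (name, value) pairs in wire order; `http11` is false for HTTP/1.0.
fn request_framing(http11: bool, headers: &[(&str, &str)]) -> Result<Framing, Reject> {
    // Merge every Transfer-Encoding and Content-Length line, preserving order.
    let mut codings: Vec<String> = Vec::new();
    let mut lengths: Vec<&str> = Vec::new();
    for (name, value) in headers {
        if name.eq_ignore_ascii_case("transfer-encoding") {
            codings.extend(value.split(',').map(|c| c.trim().to_ascii_lowercase()));
        } else if name.eq_ignore_ascii_case("content-length") {
            lengths.extend(value.split(',').map(|v| v.trim()));
        }
    }
    if !codings.is_empty() {
        if !http11 { return Err(Reject::TeOnHttp10); }
        if !lengths.is_empty() { return Err(Reject::TeWithContentLength); }
        // "chunked" must appear exactly once and be the final coding.
        let chunked = codings.iter().filter(|c| c.as_str() == "chunked").count();
        if chunked != 1 || codings.last().map(String::as_str) != Some("chunked") {
            return Err(Reject::ChunkedNotFinal);
        }
        return Ok(Framing::Chunked);
    }
    match lengths.split_first() {
        // A request with neither header has no body; it is never read until close.
        None => Ok(Framing::NoBody),
        Some((first, rest)) => {
            let ok = !first.is_empty() && first.bytes().all(|b| b.is_ascii_digit())
                && rest.iter().all(|v| v == first);
            if !ok { return Err(Reject::BadContentLength); }
            first.parse().map(Framing::Length).map_err(|_| Reject::BadContentLength)
        }
    }
}

fn main() {
    // Constructed input: two Transfer-Encoding lines that disagree about the final coding.
    let hdrs = [("Transfer-Encoding", "chunked"), ("Transfer-Encoding", "identity")];
    println!("{:?}", request_framing(true, &hdrs));
}
```

A proxy that applies a rule like this answers every `Err` with a 400 and closes the connection rather than forwarding the request.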

For cache poisoning via weak keys, operators are urged to override Pingora’s default cache key to include host/authority and relevant headers, or upgrade to versions that ship safer defaults.
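The difference between a path-only key and a host-aware key shows up in a toy shared cache. This is an added example, not Pingora's API or code; `Req`, `path_only_key`, `host_aware_key`, `serve` and `tenant_b_sees` are hypothetical names, and the tenants and responses are constructed.

```rust
use std::collections::HashMap;

// Added example: a toy shared cache, not Pingora's API; all names are hypothetical.
struct Req<'a> { scheme: &'a str, host: &'a str, path: &'a str }

/// Weak key as the article describes it: URI path only.
fn path_only_key(r: &Req) -> String { r.path.to_string() }

/// Safer key: scheme + normalised authority + path.
fn host_aware_key(r: &Req) -> String {
    let host = r.host.to_ascii_lowercase();
    // Drop the scheme's default port so "a.example" and "a.example:443" share one entry.
    let default_port = if r.scheme == "https" { ":443" } else { ":80" };
    let authority = host.strip_suffix(default_port).unwrap_or(host.as_str());
    // NUL cannot occur in a valid host or path, so the fields cannot run together.
    format!("{}\0{}\0{}", r.scheme, authority, r.path)
}

/// Serve from cache, or "fetch" by calling `origin` and storing the result.
fn serve(cache: &mut HashMap<String, String>, key: String, origin: impl Fn() -> String) -> String {
    cache.entry(key).or_insert_with(origin).clone()
}

/// Tenant A's page is cached first; returns what tenant B then receives for the same path.
fn tenant_b_sees(key_fn: fn(&Req) -> String) -> String {
    let mut cache = HashMap::new();
    // Constructed requests: two tenants that share a path structure.
    let a = Req { scheme: "https", host: "a.example", path: "/index.html" };
    let b = Req { scheme: "https", host: "B.example:443", path: "/index.html" };
    serve(&mut cache, key_fn(&a), || "tenant A content".to_string());
    serve(&mut cache, key_fn(&b), || "tenant B content".to_string())
}

fn main() {
    println!("path-only key:  B receives {:?}", tenant_b_sees(path_only_key));
    println!("host-aware key: B receives {:?}", tenant_b_sees(host_aware_key));
}
```

A check of this shape, run against the deployment's real key function, is one way to validate cache key configuration in a multi-tenant setup.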

For organizations embedding Pingora, the security takeaway is clear: treat edge proxies and cache layers as part of your critical attack surface, enforce up‑to‑date Pingora versions (≥0.8.0), and validate cache key configuration in multi‑tenant environments.

Routine testing for request smuggling and cache poisoning should become part of CI security checks, especially wherever HTTP/1.1 keep‑alive and shared caches intersect.


The post Critical Pingora Vulnerabilities Expose Cloudflare to Request Smuggling and Cache Poisoning Attacks appeared first on Cyber Security News.

rssfeeds-admin
