πŸ” CVE Alert

CVE-2026-6338

UNKNOWN 0.0

HTTP request smuggling in Kong Enteprise Gateway

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

A HTTP request smuggling and desynchronization vulnerability affects Kong Gateway Enterprise 3.4, 3.10, 3.11, 3.12, 3.13, and 3.14 series. The vulnerability is caused by a parsing flaw in Kong’s HTTP request processing pipeline when handling untrusted HTTP/1.1 traffic.

CWE CWE-444
Vendor kong
Product kong enterprise gateway
Published Jun 11, 2026
Last Updated Jun 11, 2026
Stay Ahead of the Next One

Get instant alerts for kong kong enterprise gateway

Be the first to know when new unknown vulnerabilities affecting kong kong enterprise gateway are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Kong / Kong Enterprise Gateway
3.4.0.0 < 3.4.3.27 3.10.0.0 < 3.10.0.12 3.11.0.0 < 3.11.0.12 3.12.0.0 < 3.12.0.7 3.13.0.0 < 3.13.0.5 3.14.0.0 < 3.14.0.4

References

NVD β†— CVE.org β†— EPSS Data β†—
support.konghq.com: https://support.konghq.com/support/s/article/CVE-2026-6338