Security Bulletin: Multiple vulnerabilities in IBM Observability with Instana (OnPrem)
Details
CVSS v3
9.8
CVSS v4
6.9
NVD published
2025-08-25 21:15:37
EPSS
<0.1% probability · 22.9th percentile — 2026-03-16
Affected versions
Not available in our cache.
Summary
h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF characters into headers. This occurs when servers downgrade HTTP/2 requests to HTTP/1.1 without properly validating header names/values, enabling attackers to manipulate request boundaries and bypass security controls. This issue has been patched in version 4.3.0.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.