Vulnerability DatabaseCVE-2026-32240

CVE-2026-32240:
NixOS vulnerability analysis and mitigation

Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be truncated to a 64-bit integer. In theory, this bug could enable HTTP request/response smuggling. This vulnerability is fixed in 1.4.0.

Source: NVD

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

6.3

Score

Published March 12, 2026

Severity MEDIUM

CNA Score 6.3

Affected Technologies

NixOS
Linux Debian

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 23.2

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

capnproto

Sources

NVD
Alpine Security Tracker
- Alpine 3.14, 3.15, 3.16, 3.17, 3.18, 3.19, 3.20, 3.21, 3.22, 3.23, edge Severity MEDIUMNo FixAdded at: Mar 19, 2026
Debian Security Tracker
- Debian 11, 12, 13 Severity MEDIUMNo FixAdded at: Mar 13, 2026
- Debian 14 Severity MEDIUMHas FixAdded at: Mar 13, 2026
Echo
- Echo Severity MEDIUMNo FixAdded at: Mar 13, 2026
Nix
- Nix Severity MEDIUMHas FixAdded at: Mar 20, 2026
Red Hat Errata
- Red Hat 10 Severity MEDIUMNo FixAdded at: Mar 13, 2026

Get a CVE risk assessment

Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.

Request assessment

Related NixOS vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-2370	HIGH	8.8	GitLab	gitlab	No	Yes	Mar 30, 2026
CVE-2026-33206	HIGH	8.2	NixOS	calibre	No	Yes	Mar 27, 2026
CVE-2026-33868	MEDIUM	6.1	NixOS	mastodon	No	Yes	Mar 27, 2026
CVE-2026-33869	MEDIUM	4.8	NixOS	cpe:2.3:a:joinmastodon:mastodon	No	Yes	Mar 27, 2026
CVE-2026-33205	MEDIUM	4.8	NixOS	cpe:2.3:a:calibre-ebook:calibre	No	Yes	Mar 27, 2026