WAF

1 post tagged with WAF.

CrowdSec AppSec WAF bypass via chunked transfer encoding (CVE-2026-44982)

CVE-2026-44982 was a single-header WAF bypass in the CrowdSec AppSec component. The same payload was blocked when sent with Content-Length, but passed through to the backend when sent with Transfer-Encoding: chunked. The root cause was one line in pkg/appsec/request.go. The same shape shipped in an official CrowdSec bouncer and the main third-party Traefik integration, both addressed in subsequent releases without CVE assignment.
