October 28, 2025 ~24 min read I admit, that's a very click-baity headline, but Microsoft have given the vulnerability a CVSS score of 9.9, their highest ever. Time to panic, right? In this post I try to provide a bit more context. I explain how request smuggling vulnerabilities work in general, how it works in this case, what attackers could use it for, how the vulnerability was fixed, what you can do to protect yourself. WARNING: I am not a security professional, so do not take anything in t...