diff --git a/Fix-CVE-2023-26148.patch b/Fix-CVE-2023-26148.patch
new file mode 100644
index 0000000000000000000000000000000000000000..01114dcb5a5c99f647f6f9dc65509e823100209d
--- /dev/null
+++ b/Fix-CVE-2023-26148.patch
@@ -0,0 +1,41 @@
+From 44f6edeba66163bc00192e0f1c737cbb587af192 Mon Sep 17 00:00:00 2001
+From: huangudirong
+Date: Wed, 11 Oct 2023 21:40:32 +0800
+Subject: [PATCH] Fix CVE-2023-26148
+
+---
+ http/HttpMessage.cpp | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/http/HttpMessage.cpp b/http/HttpMessage.cpp
+index 606ca56..42ea94d 100644
+--- a/http/HttpMessage.cpp
++++ b/http/HttpMessage.cpp
+@@ -489,7 +489,23 @@ void HttpMessage::DumpHeaders(std::string& str) {
+ // %s: %s\r\n
+ str += header.first;
+ str += ": ";
+- str += header.second;
++ // if the value has \r\n, translate to \\r\\n
++ if (header.second.find("\r") != std::string::npos ||
++ header.second.find("\n") != std::string::npos) {
++ std::string newStr = "";
++ for (size_t i = 0; i < header.second.size(); ++i) {
++ if (header.second[i] == '\r') {
++ newStr += "\\r";
++ } else if (header.second[i] == '\n') {
++ newStr += "\\n";
++ } else {
++ newStr += header.second[i];
++ }
++ }
++ str += newStr;
++ } else {
++ str += header.second;
++ }
+ str += "\r\n";
+ }
+ }
+--
+2.33.0
+
diff --git a/libhv.spec b/libhv.spec
index ca99794bdd2fac10612c34ed883fc32bdb6fc3fa..136821ed4487900d12378cf57c6add559196deee 100644
--- a/libhv.spec
+++ b/libhv.spec
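Review bot: The CR/LF escaping added in DumpHeaders is applied only to `header.second`; the context line `str += header.first;` still appends the header name verbatim, so a name carrying `\r` or `\n` would end its header line just as an unescaped value did. Apply the same replacement to both fields through one helper, as sketched below, which also removes the two `find` pre-scans and the duplicated `str += header.second` branch. Whether header names can reach this function from untrusted input is not visible here, and the loop header and the rest of DumpHeaders lie outside the hunk. Because the escaped value is sent on in altered form, rejecting such headers at the point where they are set may be the stricter choice; that decision is for the maintainers.

```cpp
// Replace CR and LF with the literal two-character sequences "\r" and "\n"
// so that neither a header name nor a header value can end its own line.
static std::string EscapeCRLF(const std::string& in) {
    std::string out;
    out.reserve(in.size());
    for (size_t i = 0; i < in.size(); ++i) {
        if (in[i] == '\r') {
            out += "\\r";
        } else if (in[i] == '\n') {
            out += "\\n";
        } else {
            out += in[i];
        }
    }
    return out;
}

// … unchanged: DumpHeaders signature and the loop over the header map …
        str += EscapeCRLF(header.first);
        str += ": ";
        str += EscapeCRLF(header.second);
        str += "\r\n";
```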
@@ -1,13 +1,16 @@ Name: libhv Version: 1.3.1 -Release: 2 +Release: 3 Summary: Like libevent, libev, and libuv, libhv provides event-loop with non-blocking IO and timer, but simpler api and richer protocols License: BSD 3-Clause License URL: https://gitee.com/libhv/libhv Source0: https://gitee.com/libhv/libhv/archive/refs/tags/v1.3.1.tar.gz#/%{name}-v%{version}.tar.gz -Patch001: support-lib64-path.patch -Patch002: support-event-signal-in-libhv.patch +Patch0001: Fix-CVE-2023-26148.patch + +Patch6001: support-lib64-path.patch +Patch6002: support-event-signal-in-libhv.patch + BuildRequires: gcc gcc-c++ openssl-devel procps-ng net-tools cmake @@ -53,6 +56,9 @@ cd %{_vpath_builddir} %{_libdir}/*.a %changelog +* Tue Oct 31 2023 huangduirong - 1.3.1-3 +- Fix CVE-2023-26148 + * Tue Oct 31 2023 huangduirong - 1.3.1-2 - support event signal