Request smuggling is a web security vulnerability that occurs when an attacker exploits inconsistencies in the way front-end and back-end servers parse HTTP requests. By crafting specially formatted requests, attackers can 'smuggle' a malicious request within another, causing servers to interpret the requests differently. This can lead to unauthorized access, session hijacking, web cache poisoning, or bypassing security controls. The root cause is often a mismatch in how servers handle headers like Content-Length and Transfer-Encoding. Preventing request smuggling involves ensuring consistent HTTP parsing across all components, updating server software, and implementing strict input validation.