← Zuruck zu CVEs
CVE-2026-28368
HIGH8.7
Beschreibung
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
CVE Details
CVSS v3.1 Bewertung8.7
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/27/2026
Zuletzt geandert3/31/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
redhat:build_of_apache_camel_-_hawtioredhat:build_of_apache_camel_for_spring_bootredhat:data_gridredhat:enterprise_linuxredhat:fuseredhat:jboss_enterprise_application_platformredhat:jboss_enterprise_application_platform_expansion_packredhat:process_automationredhat:single_sign-onredhat:undertow
Schwachen (CWE)
CWE-444
Referenzen
https://access.redhat.com/security/cve/CVE-2026-28368(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2443261(secalert@redhat.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.