CVE-2026-28368 in Undertowinformación

Resumen (Inglés)

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

Responsable

redhat

Reservar

2026-02-27

Divulgación

2026-03-27

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
353989Undertow Requests escalada de privilegios444No está definidoNo está definidoCVE-2026-28368

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Want to know what is going to be exploited?

We predict KEV entries!