CVE-2026-28369 in Undertowinformation

Résumé (Anglaise)

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.

Responsable

redhat

Réserver

27/02/2026

Divulgation

27/03/2026

Entrées

VulDB provides additional information and datapoints for this CVE:

IDVulnérabilitéCWEExpConCVE
354000Undertow HTTP élévation de privilèges444Non définiNon définiCVE-2026-28369

Description

CPE

CWE

CVSS

Exploits

Histoire

Diff

Relier

Renseignements sur les menaces

API JSON

API XML

API CSV

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!