CVE-2026-28368 in Undertow
Summary (English)
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
Responsible
redhat
Reserved
2026-02-27
Disclosed
2026-03-27
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 353989 | Undertow Requests privilege escalation | 444 | Not defined | Not defined | CVE-2026-28368 |