CVE-2026-26234

High CVSS: 8.7

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

Vendor

Jung-group

Product

Smart Visu Server Firmware

CWE

CWE-644

Yayın Tarihi

2026-02-12 04:15:47

Güncelleme

2026-02-20 15:14:52

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-644 Smart Visu Server Firmware HIGH Jung-group 2026

Referanslar

https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php

Benzer Kayıtlar

High

CVE-2026-26367

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC…

High

CVE-2026-26368

eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the resetUserPassword JSON-RPC…

Critical

CVE-2026-26369

eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization c…

Critical

CVE-2026-26366

eNet SMART HOME server 2.2.1 and 2.3.1 ships with default credentials (user:user, admin:admin) that remain active after…

High

CVE-2026-26235

JUNG Smart Visu Server 1.1.1050 contains a denial of service vulnerability that allows unauthenticated attackers to remo…