CVE-2026-28367 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request sm…
High CVSS: 8.7

CVE-2026-28367

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
Vendor
-
Product
-
CWE
CWE-444
Yayın Tarihi
2026-03-27 17:16:27
Güncelleme
2026-03-30 13:26:29
Source Identifier
secalert@redhat.com
KEV Date Added
-

Kategoriler

CWE-444 HIGH 2026

Referanslar

https://access.redhat.com/security/cve/CVE-2026-28367 https://bugzilla.redhat.com/show_bug.cgi?id=2443260