UNKNOWN
CVE-2026-28368
Undertow: undertow: request smuggling via inconsistent header parsing
Platform: java
Component: undertow
A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.
How to fix
Upgrade Undertow to the fixed version or later. This will mitigate the request smuggling vulnerability caused by the inconsistent interpretation of HTTP headers between Undertow and upstream proxies.
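The advisory does not say which header-name forms Undertow and the upstream proxy read differently, so the added example below (not code from the advisory or from Undertow) checks captured raw requests against the strict RFC 9110/9112 field-name grammar and flags any header line a strict parser would refuse. The function name `audit_header_names` and the sample request are constructed for illustration.

```python
import re

# RFC 9110 section 5.6.2: field-name = token = 1*tchar
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def audit_header_names(raw: bytes) -> list[tuple[int, str]]:
    """Return (line_number, reason) for every header line that a strict
    RFC 9110/9112 parser would refuse, i.e. lines two parsers may read differently."""
    findings = []
    head = raw.split(b"\r\n\r\n", 1)[0]
    # Line 1 is the request line; header lines start at line 2.
    for n, line in enumerate(head.split(b"\r\n")[1:], start=2):
        if b"\r" in line or b"\n" in line:
            findings.append((n, "bare CR or LF inside header line"))
        elif line[:1] in (b" ", b"\t"):
            findings.append((n, "obsolete line folding"))
        else:
            name, colon, _value = line.partition(b":")
            if not colon:
                findings.append((n, "no colon separator"))
            elif name != name.rstrip(b" \t"):
                findings.append((n, "whitespace before colon"))
            elif not TOKEN.fullmatch(name):
                findings.append((n, "non-token character in field name"))
    return findings


# Constructed sample: two well-formed headers followed by three malformed lines.
SAMPLE = (
    b"GET /health HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"X-Request-Id: 42\r\n"
    b"X-Example : 1\r\n"
    b"X-Ex\x0bample: 2\r\n"
    b" folded-continuation\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for line_no, reason in audit_header_names(SAMPLE):
        print(f"line {line_no}: {reason}")
```

Any finding on traffic that reached the backend means an intermediary forwarded a header line it should have rejected or normalized, which is the precondition for the parsing discrepancy described above.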