UNKNOWNCVE-2026-28367
Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator
Platform
java
Component
undertow
A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.
How to fix
Actualice a una versión de Undertow que haya solucionado la vulnerabilidad de request smuggling. Consulte las notas de la versión de Undertow o los avisos de seguridad de Red Hat para obtener más información sobre las versiones afectadas y las versiones corregidas. Considere configurar correctamente los servidores proxy para mitigar el riesgo de request smuggling.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free