CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-26234

JUNG Smart Visu Server 1.1.1050 contains a request header manipulation vulnerability that allows unauthenticated attackers to override request URLs by injecting arbitrary values in the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, enabling cache poisoning, potential phishing, and redirecting users to malicious domains.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.0%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.vulncheck.com/advisories/jung-smart-visu-server-improper-neutralization-of-http-headers-for-scripting-syntax
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5970.php

Products affected by CVE-2026-26234

Jung-Group » Smart Visu Server » Version: N/A

cpe:2.3:h:jung-group:smart_visu_server:-
Jung-Group » Smart Visu Server Firmware » Version: 1.0.830

cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.830
Jung-Group » Smart Visu Server Firmware » Version: 1.0.832

cpe:2.3:o:jung-group:smart_visu_server_firmware:1.0.832

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-26234

Products

Pricing

Contact Us