CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28368

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.4%

CVSS Severity

CVSS v3 Score 8.7

References

Products affected by CVE-2026-28368

Redhat » Build Of Apache Camel - Hawtio » Version: 4.0

cpe:2.3:a:redhat:build_of_apache_camel_-_hawtio:4.0
Redhat » Build Of Apache Camel For Spring Boot » Version: 4.0

cpe:2.3:a:redhat:build_of_apache_camel_for_spring_boot:4.0
Redhat » Data Grid » Version: 8.0

cpe:2.3:a:redhat:data_grid:8.0
Redhat » Fuse » Version: 7.0.0

cpe:2.3:a:redhat:fuse:7.0.0
Redhat » Jboss Enterprise Application Platform » Version: 7.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0
Redhat » Jboss Enterprise Application Platform » Version: 8.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:8.0.0
Redhat » Jboss Enterprise Application Platform Expansion Pack » Version: N/A

cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-
Redhat » Process Automation » Version: 7.0

cpe:2.3:a:redhat:process_automation:7.0
Redhat » Single Sign-On » Version: 7.0

cpe:2.3:a:redhat:single_sign-on:7.0
Redhat » Undertow » Version: N/A

cpe:2.3:a:redhat:undertow:-
Redhat » Enterprise Linux » Version: 9.0

cpe:2.3:o:redhat:enterprise_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-28368

Products

Pricing

Contact Us