CVEFinder.io

CVE-2026-28367

⚠️ high
🔍 Scan for this CVE
Summary

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

CVSS Score
8.7
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-27
First Seen: 2026-03-28
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 318,071 vulnerabilities in our database.

#60,199
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 31, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-04-10
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-444

📦 Affected Products 10

Vendor Product Status Affected Versions
redhat jboss_enterprise_application_platform Affected
v7.0.0
redhat jboss_enterprise_application_platform Affected
v8.0.0
redhat undertow Affected
v-
redhat data_grid Affected
v8.0
redhat single_sign-on Affected
v7.0
redhat process_automation Affected
v7.0
redhat fuse Affected
v7.0.0
redhat jboss_enterprise_application_platform_expansion_pack Affected
v-
redhat build_of_apache_camel_for_spring_boot Affected
v4.0
redhat build_of_apache_camel_-_hawtio Affected
v4.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-28367
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2443260
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-28368 ⚠️ high 8.7 0.1 A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ... 2026-03-27
CVE-2026-28369 ⚠️ high 8.7 0.1 A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more... 2026-03-27
CVE-2026-3121 🔶 medium 6.5 0.0 A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi... 2026-03-26
CVE-2026-3260 🔶 medium 5.9 0.6 A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containi... 2026-03-24
CVE-2026-3009 ⚠️ high 8.1 0.0 A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an... 2026-03-05
CVE-2025-12543 ⛔ critical 9.6 0.1 A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The... 2026-01-07
These CVEs affect the same products