CVEFinder.io

CVE-2026-28369

⚠️ high
🔍 Scan for this CVE
Summary

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure

Description

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform request smuggling. Request smuggling allows an attacker to bypass security mechanisms, access restricted information, or manipulate web caches, potentially leading to unauthorized actions or data exposure.

CVSS Score
8.7
High
EPSS Score
0.1
Exploit Probability
Published Date
2026-03-27
First Seen: 2026-03-28
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 318,071 vulnerabilities in our database.

#60,199
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 28, 2026
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2026-03-31
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
CWE IDs (Weakness Types)
CWE-444

📦 Affected Products 11

Vendor Product Status Affected Versions
redhat enterprise_linux Affected
v9.0
redhat jboss_enterprise_application_platform Affected
v7.0.0
redhat jboss_enterprise_application_platform Affected
v8.0.0
redhat undertow Affected
v-
redhat data_grid Affected
v8.0
redhat single_sign-on Affected
v7.0
redhat process_automation Affected
v7.0
redhat fuse Affected
v7.0.0
redhat jboss_enterprise_application_platform_expansion_pack Affected
v-
redhat build_of_apache_camel_for_spring_boot Affected
v4.0
redhat build_of_apache_camel_-_hawtio Affected
v4.0

🔗 References 2

https://access.redhat.com/security/cve/CVE-2026-28369
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2443262
Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-4878 🔶 medium 6.7 0.0 A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition... 2026-04-09
CVE-2026-35091 ⚠️ high 8.2 0.3 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Co... 2026-04-01
CVE-2026-35092 ⚠️ high 7.5 1.0 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a re... 2026-04-01
CVE-2026-5121 ⚠️ high 7.5 0.1 A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer ... 2026-03-30
CVE-2026-28368 ⚠️ high 8.7 0.1 A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ... 2026-03-27
CVE-2026-28367 ⚠️ high 8.7 0.0 A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block ter... 2026-03-27
These CVEs affect the same products