CVE-2026-28368

EUVD-2026-16696 | HIGH | CVSS 3.1: 8.7
2026-03-27 | redhat | GHSA-8v4x-mgvp-p658
CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Mar 27, 2026 - 16:45 (euvd), EUVD-2026-16696
Analysis Generated: Mar 27, 2026 - 16:45 (vuln.today)
CVE Published: Mar 27, 2026 - 16:13 (nvd), HIGH 8.7

Description

A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by Undertow compared to upstream proxies. This discrepancy in header interpretation can be exploited to launch request smuggling attacks, potentially bypassing security controls and accessing unauthorized resources.

Analysis

Undertow header parsing discrepancies enable HTTP request smuggling attacks against Red Hat middleware and enterprise platforms, allowing remote unauthenticated attackers to bypass security controls and access unauthorized resources. The vulnerability affects multiple Red Hat products including JBoss Enterprise Application Platform 7 and 8, Data Grid 8, Fuse 7, Single Sign-On 7, and Enterprise Linux 8, 9, and 10 distributions. …

Remediation

Within 24 hours: Inventory all systems running affected Red Hat products (JBoss EAP 7.x, 8.x, Data Grid 8, Fuse 7, SSO 7, and Enterprise Linux 8/9/10) and isolate or restrict external access where possible.

Within 7 days: Deploy WAF rules to detect and block HTTP request smuggling patterns (CL.TE and TE.CL desynchronization attacks); implement strict header validation policies at ingress points; disable HTTP/1.0 where operationally feasible. …

Priority Score

44 (KEV: 0, EPSS: +0.1, CVSS: +44, POC: 0)
