
ModSecurity CVE-2026-30923

EUVD-2026-27422 | HIGH
Out-of-bounds Read (CWE-125)
2026-05-05 GitHub_M
CVSS 4.0: 8.2

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: X

Lifecycle Timeline

Patch available: May 05, 2026 - 20:02 (EUVD)
Source Code Evidence Fetched: May 05, 2026 - 19:31 (vuln.today)
Analysis Generated: May 05, 2026 - 19:31 (vuln.today)
CVSS changed: May 05, 2026 - 19:22 (NVD), 8.2 (HIGH)

Description (NVD)

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occurs when a rule using the t:hexDecode transformation inspects a query string parameter containing a single character. An attacker can exploit this to crash worker processes, causing a denial of service. Service resumes once the attack stops as worker processes recover from the segfault. All versions before 3.0.15 of libModSecurity3 are affected. This has been patched in version 3.0.15.

Analysis (AI)

Worker process crashes occur in ModSecurity (libmodsecurity3) when processing query string parameters containing single characters through the t:hexDecode transformation function. Remote unauthenticated attackers can trigger repeated segmentation faults to disrupt web application firewall protection, though service automatically recovers once the attack ceases. …


Remediation (AI)

Within 24 hours: identify all systems running libmodsecurity3 and document current versions across Apache, IIS, and Nginx deployments. Within 7 days: apply vendor patch to libmodsecurity3 version 3.0.15 or later in a staged testing environment and validate WAF functionality post-upgrade. …
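For the inventory step, the following added example (not part of the original page or of the ModSecurity project) lists the active directives in a rule file that apply t:hexDecode and checks a version string against the fixed release 3.0.15. The sample rules and their ids are constructed for illustration, and the three directive names scanned are an assumption about where transformations are declared.

```python
import re

FIXED = (3, 0, 15)  # first patched libmodsecurity3 release named in the advisory
DIRECTIVES = {"secrule", "secaction", "secdefaultaction"}
HEXDECODE = re.compile(r"\bt:hexdecode\b", re.IGNORECASE)
RULE_ID = re.compile(r"\bid:\s*'?(\d+)")

# Constructed sample rule file (hypothetical rule ids, not from any real ruleset).
SAMPLE = r'''
# constructed sample rules
SecRule ARGS "@rx ^[0-9a-f]+$" \
    "id:1001,phase:2,pass,\
    t:none,t:hexDecode,log"
SecRule ARGS:q "@contains admin" "id:1002,phase:2,deny,t:lowercase"
# SecRule ARGS "@rx x" "id:1003,phase:2,pass,t:hexDecode"
SecDefaultAction "phase:1,log,pass,t:hexDecode"
'''

def is_affected(version):
    """True when a dotted libmodsecurity3 version string is older than 3.0.15."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts)) < FIXED

def logical_lines(text):
    """Join backslash-continued lines; yield (first line number, directive)."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf = (buf + line).strip()
        if buf and not buf.startswith("#"):
            yield start, buf
        buf = ""

def hexdecode_rules(text):
    """Return (line, rule id or None) for each active directive using t:hexDecode."""
    hits = []
    for lineno, directive in logical_lines(text):
        name = directive.split(None, 1)[0].lower()
        if name in DIRECTIVES and HEXDECODE.search(directive):
            m = RULE_ID.search(directive)
            hits.append((lineno, m.group(1) if m else None))
    return hits

if __name__ == "__main__":
    for lineno, rule_id in hexdecode_rules(SAMPLE):
        print(f"line {lineno}: id={rule_id} uses t:hexDecode")
    print("3.0.14 affected:", is_affected("3.0.14"))
```

A host is exposed per the description only when both conditions hold: the installed library is older than 3.0.15 and at least one active rule applies t:hexDecode.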

