What is the CVSS score of CVE-2026-3234?

CVE-2026-3234 has a CVSS 3.1 base score of 4.3 (Medium). CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. EPSS exploitation probability: 0.1%.

Which versions of Red Hat are affected by CVE-2026-3234?

Organizations using A flaw should be aware of moderate risk from CVE-2026-3234 rated CVSS 4.3. Exploitation could compromise the security of affected deployments.

Red Hat CVE-2026-3234

MEDIUM

Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)

2026-03-12 secalert@redhat.com

Authentication Bypass Red Hat

4.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:57 vuln.today

CVE Published

Mar 12, 2026 - 11:15 nvd

MEDIUM 4.3

DescriptionNVD

A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.

AnalysisAI

mod_proxy_cluster's decodeenc() function is vulnerable to CRLF injection, enabling unauthenticated attackers with network access to the MCMP protocol port to manipulate cluster configuration and corrupt INFO endpoint responses. This input validation bypass affects systems relying on mod_proxy_cluster for load balancing and cluster management. …

RemediationAI

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2026-10021 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome desktop versions prior to 148.0.7778.216 allows a remote attacker to execute arbi

CVE-2026-10002 HIGH This Week

8.8 May 28

Heap corruption in Google Chrome's PDFium component (versions prior to 148.0.7778.216) allows a remote attacker to poten

CVE-2026-10019 HIGH This Week

8.8 May 28

Cross-origin data leakage in Google Chrome versions prior to 148.0.7778.216 stems from an integer overflow in the ANGLE

CVE-2026-10022 HIGH This Week

8.8 May 28

Type confusion in the V8 JavaScript engine of Google Chrome before 148.0.7778.216 enables arbitrary code execution withi

CVE-2026-10007 HIGH This Week

8.8 May 28

Remote code execution in Google Chrome versions prior to 148.0.7778.216 stems from a use-after-free flaw in the SVG rend

Vendor StatusVendor

CVE-2026-3234 vulnerability details – vuln.today

Back

Red Hat CVE-2026-3234

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

More from same product – last 7 days

Vendor StatusVendor

Share

External POC / Exploit Code