Red Hat CVE-2026-3234
MEDIUMSeverity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
AnalysisAI
mod_proxy_cluster's decodeenc() function is vulnerable to CRLF injection, enabling unauthenticated attackers with network access to the MCMP protocol port to manipulate cluster configuration and corrupt INFO endpoint responses. This input validation bypass affects systems relying on mod_proxy_cluster for load balancing and cluster management. No patch is currently available for this medium-severity vulnerability.
Technical ContextAI
A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By injecting CRLF sequences into the cluster configuration, an attacker can corrupt the response body of INFO endpoint responses. Exploitation requires network access to the MCMP protocol port, but no authentication is needed.
Affected ProductsAI
mod_proxy_cluster
RemediationAI
Monitor vendor advisories for a patch.
Same technique Authentication Bypass
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today