EUVD-2026-14732CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
4Tags
Description
A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like `getParameterMap()`, the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).
Analysis
A resource exhaustion vulnerability exists in Undertow where remote attackers can send HTTP GET requests with multipart/form-data content to trigger premature parsing and disk storage of request data, leading to Denial of Service when applications use parameter retrieval methods like getParameterMap(). The vulnerability affects multiple Red Hat products including Enterprise Linux 8, 9, and 10, JBoss Enterprise Application Platform 7 and 8, Red Hat Fuse 7, and several Apache Camel variants. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today