OWASP ModSecurity Core Rule Set

1 CVEs product

CVE-2026-21876 CRITICAL POC PATCH Act Now

OWASP Core Rule Set (CRS) before 4.22.0 and 3.3.8 has a bug in rule 922110 that allows WAF bypass on multipart requests. The rule's capture variables get overwritten when processing multiple parts, allowing SQL injection and other attacks to slip through. PoC available, patch available.

Information Disclosure, OWASP ModSecurity Core Rule Set
NVD GitHub VulDB Exploit-DB
CVSS 3.1: 9.3
EPSS: 0.1%
