CVE-2026-28367— Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

CVSS 8.7 · High EPSS 0.05% · P15 Updated Apr 11, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-28367

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

Source: NVD (National Vulnerability Database)

Vulnerability Description

A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request smuggling with certain proxy servers, such as older versions of Apache Traffic Server and Google Cloud Classic Application Load Balancer, potentially leading to unauthorized access or manipulation of web requests.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

HTTP请求的解释不一致性(HTTP请求私运)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Undertow 环境问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Undertow是美国Undertow公司的一个Web服务器。 Undertow存在环境问题漏洞，该漏洞源于远程攻击者可发送特定标头块终止符，可能导致请求夹带攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Red Hat	Red Hat build of Apache Camel for Spring Boot 4	-	`cpe:/a:redhat:camel_spring_boot:4`
Red Hat	Red Hat build of Apache Camel - HawtIO 4	-	`cpe:/a:redhat:apache_camel_hawtio:4`
Red Hat	Red Hat Data Grid 8	-	`cpe:/a:redhat:jboss_data_grid:8`
Red Hat	Red Hat Enterprise Linux 10	-	`cpe:/o:redhat:enterprise_linux:10`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 8	-	`cpe:/o:redhat:enterprise_linux:8`
Red Hat	Red Hat Enterprise Linux 9	-	`cpe:/o:redhat:enterprise_linux:9`
Red Hat	Red Hat Fuse 7	-	`cpe:/a:redhat:jboss_fuse:7`
Red Hat	Red Hat JBoss Enterprise Application Platform 7	-	`cpe:/a:redhat:jboss_enterprise_application_platform:7`
Red Hat	Red Hat JBoss Enterprise Application Platform 8	-	`cpe:/a:redhat:jboss_enterprise_application_platform:8`
Red Hat	Red Hat JBoss Enterprise Application Platform 8	-	`cpe:/a:redhat:jboss_enterprise_application_platform:8`
Red Hat	Red Hat JBoss Enterprise Application Platform 8	-	`cpe:/a:redhat:jboss_enterprise_application_platform:8`
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	-	`cpe:/a:redhat:jbosseapxp`
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	-	`cpe:/a:redhat:jbosseapxp`
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	-	`cpe:/a:redhat:jbosseapxp`
Red Hat	Red Hat Process Automation 7	-	`cpe:/a:redhat:jboss_enterprise_bpms_platform:7`
Red Hat	Red Hat Single Sign-On 7	-	`cpe:/a:redhat:red_hat_single_sign_on:7`

II. Public POCs for CVE-2026-28367

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-28367

请登录查看更多情报信息。

https://access.redhat.com/security/cve/CVE-2026-28367vdb-entryx_refsource_REDHAT
2443260 – (CVE-2026-28367) CVE-2026-28367 undertow: Undertow: Request smuggling via `\r\r\r` as a header block terminatorissue-trackingx_refsource_REDHAT
https://nvd.nist.gov/vuln/detail/CVE-2026-28367

Same Patch Batch · Red Hat · 2026-03-27 · 4 CVEs total

CVE-2026-28368	8.7 HIGH	Undertow: undertow: request smuggling via inconsistent header parsing
CVE-2026-28369	8.7 HIGH	Undertow: undertow: request smuggling via malformed http request headers
CVE-2026-4948	5.5 MEDIUM	Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus sette

IV. Related Vulnerabilities

Same product: Red Hat build of Apache Camel for Spring Boot 4

Same vendor: Red Hat

Same weakness: CWE-444

V. Comments for CVE-2026-28367

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-28367— Undertow: undertow: request smuggling via `\r\r\r` as a header block terminator

I. Basic Information for CVE-2026-28367

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-28367

III. Intelligence Information for CVE-2026-28367

Same Patch Batch · Red Hat · 2026-03-27 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-28367

Leave a comment