JUNG Smart Visu Server Cache Poisoning via X-Forwarded-Host (ZSL-2026-5970)

Vulnerability Key Information Vulnerability Title: JUNG Smart Visu Server 1.1.1050 Request URL Override Vulnerability ID: ZSL-2026-5970 Type: Local/Remote Impact: Cross-Site Scripting, Spoofing Risk Rating: 4/5 Release Date: 12.02.2026 Summary The Smart Visu Server enables more convenient control of smart buildings, offering a user-friendly interface to manage KNX systems and other systems. For example, Smart Visu Server can be connected to voice control systems. Description The vulnerability allows an unauthenticated attacker to perform a cache poisoning attack by manipulating the X-Forwarded-Host header to override the effective host of a proxied request. When a malicious attacker sends a request with an arbitrary value, the backend application or proxy fails to validate or sanitize this header. As a result, the generated response includes the injected host as a legitimate URL or link, redirecting users to domains controlled by the attacker. This leads to persistent cache poisoning, where tampered content is stored and served to unintended users, enabling phishing, session hijacking, and distribution of malicious payloads. Vendor ALBRECHT JUNG GMBH & CO. KG - https://www.jung-group.com Affected Versions 1.1.1050 1.0.905 1.0.832 1.0.830 Test Environment Jetty(9.2.12.v20150709) Vendor Status [07.02.2026] Vulnerability discovered [07.02.2026] Vendor contacted [11.02.2026] No response from vendor [12.02.2026] Security advisory published Proof of Concept jung_cache.txt Acknowledgments Vulnerability discovered by Gjoko Krstic - References N/A Changelog [12.02.2026] Initial release

Goal Reached Thanks to every supporter — we hit 100%!

JUNG Smart Visu Server Cache Poisoning via X-Forwarded-Host (ZSL-2026-5970)