PT-2026-28378 · Undertow · Undertow

Bzimport · Published 2026-03-27 · Updated 2026-06-10 · CVE-2026-28369

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Undertow (affected versions not specified)

Description: A flaw exists in Undertow where the software incorrectly processes HTTP requests whose first header line begins with leading spaces, in violation of the HTTP standards. This can be exploited for request smuggling, potentially allowing a remote attacker to bypass security mechanisms, access restricted information, or manipulate web caches, leading to unauthorized actions or data exposure. Request smuggling involves crafting requests that the server misinterprets, allowing an attacker to control how requests are processed.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

CVE-2026-28369
GHSA-VQQJ-9CMV-HX43

Affected Products

Undertow