PT-2026-7814 · Jung · Jung Smart Visu Server

Gjoko Krstic · Published 2026-02-12 · Updated 2026-02-20 · CVE-2026-26234

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

JUNG Smart Visu Server version 1.1.1050

Description

JUNG Smart Visu Server version 1.1.1050 contains a request header manipulation issue that allows unauthenticated attackers to override request URLs by injecting arbitrary values into the X-Forwarded-Host header. Attackers can manipulate proxied requests to generate tainted responses, potentially leading to cache poisoning, phishing, and redirection of users to malicious domains. The vulnerability involves improper neutralization of HTTP headers for scripting syntax.

Recommendations

Restrict access to the X-Forwarded-Host header to prevent manipulation.
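
One way to apply this recommendation at a reverse proxy or application front end, shown as an added example that is not vendor code or part of the original advisory: X-Forwarded-Host is honoured only from a known proxy hop and only when the value is on an allowlist. The proxy network, host names and function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions (not from the advisory): the proxy network and the public host names.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_HOSTS = {"visu.example.internal", "visu.example.internal:8080"}


def peer_is_trusted(peer_ip):
    """True when the direct TCP peer is one of our own reverse proxies."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def _normalize(value):
    """Lower-case a host[:port] value; None if it is not a single plain host token."""
    if value is None:
        return None
    host = value.strip().lower()
    # Reject comma-separated lists, whitespace, CR/LF and URL syntax.
    if not host or any(c in host for c in ",/\\@?# \t\r\n"):
        return None
    return host


def strip_untrusted_forwarding(peer_ip, headers):
    """Drop X-Forwarded-Host before proxying unless a trusted hop supplied it."""
    if peer_is_trusted(peer_ip):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "x-forwarded-host"}


def effective_host(peer_ip, headers):
    """Host to use when building URLs, or None to reject the request (HTTP 400)."""
    hdrs = {k.lower(): v for k, v in strip_untrusted_forwarding(peer_ip, headers).items()}
    # Prefer the forwarded value only if it survived the trust check above.
    candidate = hdrs.get("x-forwarded-host", hdrs.get("host"))
    host = _normalize(candidate)
    return host if host in ALLOWED_HOSTS else None


# Constructed sample request carrying a client-supplied X-Forwarded-Host.
SAMPLE = {"Host": "visu.example.internal", "X-Forwarded-Host": "untrusted.example"}

if __name__ == "__main__":
    print(effective_host("203.0.113.7", SAMPLE))  # header ignored: direct client
    print(effective_host("10.0.0.5", SAMPLE))     # rejected: value not allowlisted
```

Rejecting instead of falling back when a trusted hop forwards an unknown host keeps a tainted value from reaching generated links or a shared cache key.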


Related identifiers

CVE-2026-26234

Affected products

Jung Smart Visu Server