CVE-2026-3260

CVSS v3.1

5.9

Medium

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containing multipart/form-data content. If the underlying application processes parameters using methods like getParameterMap(), the server prematurely parses and stores this content to disk. This could lead to resource exhaustion, potentially resulting in a Denial of Service (DoS).

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

CVE-2026-3260

Affected Products

Red Hat Data Grid 8

Red Hat Enterprise Linux 10

Red Hat Enterprise Linux 8

Red Hat Enterprise Linux 9

Red Hat Fuse 7

Red Hat Jboss Enterprise Application Platform 7

Red Hat Enterprise Application Platform 8

Red Hat Jboss Enterprise Application Platform Expansion Pack

Red Hat Process Automation 7

Red Hat Single Sign-On 7

Red Hat Build Of Apache Camel - Hawtio 4

Red Hat Build Of Apache Camel For Spring Boot 4

CVE-2026-3260

Weakness Enumeration

Related Identifiers

Affected Products

References · 3